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Abstract 

We consider a simple extension of logic programming where variables may range over goals 
and goals may be arguments of predicates. In this language we can write logic programs 
which use goals as data. We give practical evidence that, by exploiting this capability 
when transforming programs, we can improve program efficiency. 

We propose a set of program transformation rules which extend the familiar unfolding 
and folding rules and allow us to manipulate clauses with goals which occur as argu- 
ments of predicates. In order to prove the correctness of these transformation rules, we 
formally define the operational semantics of our extended logic programming language. 
This semantics is a simple variant of LD-resolution. When suitable conditions are satisfied 
this semantics agrees with LD-resolution and, thus, the programs written in our extended 
language can be run by ordinary Prolog systems. 

Our transformation rules are shown to preserve the operational semantics and termi- 
nation. 

KEYWORDS: program transformation, unfold/fold transformation rules, higher order 
logic programming, continuations 



1 Introduction 

Program transformation is a very powerful and widely recognized methodology 
for deriving programs from specifications. The rules -I- strategies approach to pro- 
gram transformation was advocated in the 1970s by Burstall and Darlington H1977|l 
for developing first order functional programs. Since then Burstall and Darlington's 
approach has been followed in a variety of language paradigms, including logical lan- 
guages l|Tamaki and Sato 1984|l and higher order functional languages l|Sands 1996|l . 
The distinctive feature of the rules -I- strategies approach is that it allows us to sepa- 
rate the concern of proving the correctness of programs with respect to specifications 
from the concern of achieving computational efficiency. Indeed, the correctness of 
the derived programs is ensured by the use of semantics preserving transformation 
rules, whereas the computational efficiency is achieved through the use of suitable 
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strategies which guide the appHcation of the rules. The preservation of the seman- 
tics is proved once and for all, for some given sets of transformation rules, and 
if we restrict ourselves to suitable classes of programs, we can also guarantee the 
effectiveness of the strategies for improving efficiency. 

In this paper we will argue through some examples, that a simple extension of 
logic programming may give extra power to the program transformation method- 
ology based on rules and strategies. This extension consists in allowing the use of 
variables which range over goals, called goal variables, and the use of goals which 
are arguments of predicates, called goal arguments. 

In the practice of logic programming the idea of having goal variables and goal ar- 
guments is not novel. The reader may look, for instance, at ( [Sterling and Shapiro 19861 
I Warren 1982|l . Goal variables and goal arguments can be used for expressing the 
meaning of logical connectives and for writing programs in a continuation passing 
style | |Tarau and Boyer 1990| IWand 1980|l as the following example shows. 

Example 1 

The following program PI: 

F V G <- F 
FW G 

expresses the meaning of the or connective. The following program P2: 

p{[], Cont) ^ Cont 

p{[X\Xs], Cont) ^ p{Xs, q{X, Cont)) 

q{0, Cont) ^ Cont 

uses the goal variable Cont which denotes a continuation. The goal p{l, true) suc- 
ceeds in P2 iff the list I consists of O's only. □ 

Programs with goal variables and goal arguments, such as PI and P2 in the above 
example, are not allowed by the usual first order syntax of Horn clauses, where 
variables cannot occur as atoms and predicate symbols are distinct from function 
symbols. Nevertheless, these programs can be run by ordinary Prolog systems whose 
operational semantics is based on LD-resolution, that is, SLD-resolution with the 
leftmost selection rule. For the concepts of LD-resolution, LD-derivation, and LD- 
tree the reader may refer to ( |Apt 199'7| ) 

The extension of logic programming we consider in this paper, allows us to write 
programs which use goals as data. This extension turns out to be useful for per- 
forming program manipulations which are required during program transformation 
and are otherwise impossible. For instance, we will see that by using goal vari- 
ables and goal arguments, we are able to perform goal rearrangements (also called 
goal reorderings in IjBossi et al. 1996ll 'l which are often required for folding, without 
affecting program termination and without increasing nondeterminism. 

Goal rearrangement is a long standing issue in logic program transformation. 
Indeed, although the unfold/fold transformation rules by Tamaki and Sato 1)1984(1 
preserve the least Herbrand model, they may require goal rearrangements and thus, 
they may not preserve the operational semantics based on LD-resolution. Moreover, 
goal rearrangements may increase nondeterminism by requiring that predicate calls 
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have to be evaluated before their arguments are sufficiently instantiated, and in 
many Prolog systems, insufficiently instantiated calls of built-in predicates may 
cause errors at run-time. In IjBossi and Cocco 1994|) it has been proved that by rul- 
ing out goal rearrangements, if some suitable conditions hold, then the unfolding, 
folding, and goal replacement transformation rules preserve the operational seman- 
tics of logic programs based on LD-resolution and, in particular, these rules pre- 
serve universal termination, that is, the finiteness of all LD-derivations ( |Apt 199'7| 
IVasak and Potter 1986|l . But, unfortunately, if we forbid goal rearrangements, many 
useful program transformations arc no longer possible. 

In this paper we will show through some examples that in our simple extension 
of logic programming we can restrict goal rearrangements to leftward moves of goal 
equalities. We will also show that these moves preserve universal termination and 
do not increase nondeterminism, and thus, the deterioration of performance of the 
derived program is avoided. 

The following simple example illustrates the essential idea of our technique which 
is based on the use of goal equalities. More complex examples will be presented in 
Sections and H 

Example 2 

Suppose that during program transformation we are required to fold a clause of the 
form: 

1. piX) ^ a{X), b{X), c{X) 
by using a clause of the form: 

2. q{X) <- a{X), ciX) 

We can avoid a leftward move of the atom c(X) by introducing, instead, an equality 
between a goal variable and a goal, thereby transforming clause 1 into the following 
clause: 

3. p{X)'^a{X), G=c{X), b{X), G 

Now we introduce the following predicate q' which takes the goal variable G as an 
argument: 

4. q'{X, G) ^ a{X), G^c{X) 

Then we fold clause 3 using clause 4, thereby getting the clause: 

5. p{X) ^ q'{X,G), b{X), G 

At this point we may continue the program transformation process by transforming 
clause 4, which defines the predicate q' , instead of clause 2, which defines the 
predicate q. For instance, we may want to unfold clause 4 w.r.t. the goal c(X) 
occurring as an argument of the equality predicate. □ 

As this example indicates, during program transformation we need to have at our 
disposal some transformation rules which can be used when goals occur as argu- 
ments. Indeed, in this paper: 

(i) we will introduce transformation rules for our logic language which allows goals 
as arguments. 
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(ii) we will show through some examples that the use of these rules makes it pos- 
sible to improve efficiency without performing goal rearrangements which increase 
nondeterminism, and 

(iii) we will prove that, under suitable conditions, our transformation rules are cor- 
rect in the sense that they preserve the operational semantics of our logic language 
and, in particular, they preserve universal termination. 

In order to show our correctness result, we will first define the operational seman- 
tics of our logic language with goal arguments and goal variables. This semantics 
will be given in terms of ordinary LD-resolution, except for the following two im- 
portant cases which we now examine. 

The first case occurs when, during the construction of an LD-derivation, we 
generate a goal which has an occurrence of an unbound goal variable in the leftmost 
position. In this case we say that the LD-derivation gets stuck. This treatment of 
unbound goal variables is in accordance with that of most Prolog systems which 
halt with error when trying to evaluate a call consisting of an unbound variable. 

The second case occurs when we evaluate a goal equality of the form: gi = g2. In 
this case we stipulate that gi = g2 succeeds iff gi is a goal variable which does not 
occur in g^ and it gets stuck otherwise. (In particular, for any goal g the evaluation 
of the equality .9 = 17 gets stuck.) This somewhat restricted rule for the evaluation 
of goal equalities is required for the correctness of our transformation rules, as the 
following example shows. 

Example 3 

Let us consider the program Ql: 

1. h^p{q) 

2. p{G)^G=q 

3. g ^ s 

where h, p, q, and s are predicate symbols and G is a goal variable. If we unfold 
the goal argument q in clause 1 using clause 3, we get the clause: 

4. h ^ p{s) 

and we have the new program Q2 made out of clauses 2, 3, and 4. By using ordinary 
LD-resolution and unification, the goal h succeeds in the original program Ql, while 
it fails in the derived program Q2, because s does not unify with q. □ 

This example shows that the set of successes is not preserved by unfolding w.r.t. a 

goal argument. Similar incorrectness problems also arise with other transformation 
rules, such as folding and goal replacement. These problems come from the fact 
that operationally equivalent goals (such as q and s in the above example) are not 
syntactically equal. 

In contrast, if we consider our restricted rule for the evaluation of goal equalities, 
the LD-derivation which starts from the goal h and uses the program Ql, gets stuck 
when the goal q=q is selected. Also the LD-derivation which starts from the goal 
h and uses the derived program Q2, gets stuck when the goal s = q is selected. 
Thus, the unfolding w.r.t. the argument q has preserved the operational semantics 
based on LD-resolution with our restricted rule for evaluating goal equalities. 
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In this paper we will consider two forms of correctness for our program trans- 
formations: weak correctness and strong correctness. Suppose that we have trans- 
formed a program Pi into a program P2 by applying our transformation rules. We 
say that this transformation is weakly correct iff, for any ordinary goal, that is, a 
goal without occurrences of goal variables and goal arguments, the following two 
properties hold: (i) if Pi universally terminates, then P2 universally terminates, 
and (ii) if both Pi and P2 universally terminate, then they compute the same set 
of most general answer substitutions. The transformation from Pi to P2 is strongly 
correct iff (i) it is weakly correct, and (ii) for any ordinary goal, if P2 universally 
terminates, then Pi universally terminates. 

Thus, when a transformation is weakly correct, the transformed program may 
be more defined than the original program in the sense that there may be some 
goals which have no semantic value in the original program (that is, either their 
evaluation does not terminate or it gets stuck) , whereas they have a semantic value 
in the transformed program (that is, their evaluation terminates and it does not 
get stuck). 

This paper is organized as follows. In Section |21 we present an introductory ex- 
ample to motivate the language extension we will propose in this paper, and the 
transformation rules for this extended language. In Section|31we give the definition 
of the syntax of our extended logic language with goal variables and goal arguments. 
In Section 21 we introduce the operational semantics of our extended language. 

In Sect ions Eland El we present the transformation rules and the conditions under 
which these rules are either weakly correct or strongly correct. For this purpose it 
is crucial that we assume that: (i) the evaluation of any goal variable gets stuck if 
that variable is unbound, and (ii) the evaluation of goal equalities is done according 
to the restricted rule we mentioned above. We will also show that, if a goal does 
not get stuck in a program, and we transform this program by using our rules, 
then the given goal does not get stuck in the transformed program. In this case, 
as it happens in the examples given in this paper, our operational semantics agrees 
with LD-resolution, and we can execute our transformed program by using ordinary 
Prolog systems. 

In Section we give some more examples of program transformation using our 
extended logic language and our transformation rules. We also give practical evi- 
dence that these transformations improve program efficiency. In SectionjHlwe make 
some final remarks and we compare our results with related work. 



2 A Motivating Example 

In order to present an example which motivates the introduction of goal variables 
and goal arguments, we begin by recalling a well-known program transformation 
strategy, called tupling strategy UPettorossi and Proietti 1994)l . Given a program 
where some predicate calls require common subcomputations (detected by a suitable 
program analysis), the tupling strategy is realized by the following three steps. 
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The Tupling Strategy 

{Step A) We introduce a new predicate defined by a clause, say T, whose body is 
the conjunction of the predicate calls with common subcomputations. 
(Step B) Wc derive a program for the newly defined predicate which avoids redun- 
dant common subcomputations. This step can be divided into the following three 
substeps: (B.l) first, we unfold clause T, (B.2) then, we apply the goal replacement 
rule to avoid redundant goals, and (B.3) finally, wc fold using clause T. 
(Step C) By suitable folding steps using clause T, we express the predicates which 
are inefficiently computed by the initial program, in terms of the predicate intro- 
duced at Step (A). 



A difficulty encountered when applying the tupling strategy is that, in order to apply 
the folding rule as indicated at Steps (B) and (C), it is often necessary to rearrange 
the atoms in the body of the clauses and, as already discussed in the Introduction, 
these rearrangements may affect program termination or increase nondeterminism. 

The following example shows that this difficulty in the application of the tupling 
strategy can be overcome by introducing goal variables and goal arguments. 

Example 4 

Let us consider the following program Deepest: 

1. deepest{l{N),N) ^ 

2. deepest{t{L,R),X) ^ depth{L,DL), depth{R,DR), DL>DR, 

deepest {L, X) 

3. deepest{t{L,R),X) ^ depth{L,DL), depth{R,DR), DL<DR, 

deepest{R, X) 

4. depth{l{N),l) ^ 

5. depth{t{L,R),D) ^ depth{L,DL), depth{R,DR), max{DL, DR, M), 

plus{M,l,D) 

where deepest {T, X) holds iff T is a binary tree and X is the label of one 
of the deepest leaves of T. The two calls depth{L,DL) and deepest{L,X) in 
clause 2 may generate common redundant calls of the depth predicate. Indeed, 
both depth{t{Ll, Rl), N) and deepest {t {LI, Rl) , X) generate two calls of the form 
depth{Ll, DL) and depth{Rl, DR). In accordance with the tupling strategy, we 
transform the given program as follows. 

{Step A) We introduce the following new predicate: 

6. dd{T,D,X) depth{T,D), deepest{T,X) 

{Step B.l) We apply a few times the unfolding rule, and we derive: 

7. dd{l{N),l,N) ^ 

8. dd{t{L,R),D,X) ^ depth{L,DL), depth{R,DR), 

max{DL,DR,M), plus{M,l,D), 
depth{L,DLl), depth{R, DRl), 
DL1>DR1, deepest{L,X) 
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9. dd{t{L,R),D,X) ^ depth{L,DL), depth{R,DR), 

max{DL,DR,M), plus{M,l,D), 

depth{L,DLl), depth{R, DRl), 
DL1<DR1, deepest{R,X) 

{Step B.2) Since depth is functional with respect to its first argument, by applying 
the goal replacement rule we delete the atoms depth{L, DLl) and depth{R, DRl), 
in clauses 8 and 9, and we replace the occurrences of DLl and DRl by DL and DR, 
respectively, thereby getting the following clauses 10 and 11: 

10. dd{t{L,R),D,X) ^ depth{L,DL), depth{R,DR), max{DL, DR, M), 

plus{M,l,D), DL>DR, deepest{L,X) 

11. dd{t{L,R),D,X) ^ depth{L,DL), depth{R,DR), max{DL, DR, M), 

plus{M,l,D), DL<DR, deepest{R,X) 

(Step B.3) In order to fold clause 10 using clause 6, we move deepest{L, X) imme- 
diately to the right of depth{L, DL). Similarly, in the body of clause 11 we move 
deepest{R, X) immediately to the right of depth{R, DR). Then, by folding we derive: 

12. dd{t{L,R),D,X) ^ dd{L,DL,X), depth{R,DR), max{DL, DR, M), 

plus{M,l,D), DL > DR 

13. dd{t{L,R),D,X) ^ depth{L,DL), dd{R,DR,X), max{DL, DR, M), 

plus{M,l,D), DL< DR 

{Step C) Finally, we fold clauses 2 and 3 using clause 6, so that to evaluate the 
predicates depth and deepest we use the predicate dd, instead. Also for those folding 
steps we have to suitably rearrange the order of the atoms. By folding, we derive 
the following program Deepestl: 

1. deepest{l{N),N) ^ 

14. deepest{t{L,R),D,X) ^ dd{L,DL,X), depth{R,DR), DL>DR 

15. deepest{t{L,R),D,X) ^ depth{L,DL), dd{R,DR,X), DL < DR 
7. dd{l{N),l,N) ^ 

12. dd{t{L,R),D,X) ^ dd{L,DL,X), depth{R,DR), max{DL, DR, M), 

plus{M,l,D), DL > DR 

13. dd{t{L,R),D,X) ^ depth{L,DL), dd{R,DR,X), max{DL, DR, M), 

plus{M,l,D), DL< DR 

In order to evaluate a goal of the form deepest {t, X), where t is a ground tree and 
X is a variable, we may construct an LD-derivation using the program Deepestl 
which does not generate rcdimdant calls of depth. This LD-derivation performs 
only one traversal of the tree t and has linear length with respect to the size 
of t. However, this LD-derivation is constructed in a nondeterministic way, and if 
the corresponding LD-tree is traversed in a depth- first manner, like most Prolog 
systems do, the program exhibits an inefficient generate-and-test behaviour. Thus, 
in practice, the tupling strategy may diminish program efficiency. 

The main reason of this decrease of efficiency is that, in order to fold clause 10, 
we had to move the atom deepest{L, X) to a position to the left of DL > DR, and 
this move forces the evaluation of calls of deepest{L, X) even when DL > DR fails. 
(Notice that the move of deepest{R, X) to the left of DL < DR is harmless because 
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DL < DR is evaluated after the failure of DL > DR and, thus, DL < DR never 
fails.) □ 

In the following example we will present an alternative program derivation which 
starts from the same initial program Deepest. In this alternative derivation we will 
use our extended logic language which will be formally defined in the following 
Section|2| As already mentioned in the Introduction, when writing programs in our 
extended language, we may use: (i) the goal equality predicate (ii) goal variables 
occurring at top level in the body of a clause, and (iii) the disjunction predicate 
V. This alternative program derivation avoids harmful goal rearrangements and 
produces an efficient program without redundant subcomputations. 

Example 5 

Let us consider the program Deepest listed at the beginning of Example0]consisting 
of clauses 1-5. By using disjunction in the body of a clause, clauses 2 and 3 can be 
rewritten as follows: 

16. deepest{t{L,R),X) ^ depth{L,DL), depth{R,DR), 

{{DL>DR, deepest{L,X)) V {DL<DR, deepest{R,X))) 

After this initial transformation step the derived program, call it DeepestOr, consists 
of clauses 1, 4, 5, and 16. 

Now we consider an extension of the tupling strategy which makes use of the 
transformation rules for logic programs with goal arguments and goal variables. 
These rules will be formally presented in Sectional We proceed as follows. 

{Step A) We introduce the following new predicate g which takes a goal variable G 
as an argument: 

17. g{T,D,X,G) ^ depth{T,D), deepest {T,X) 

Notice also that in clause 17 the goal deepest{T , X) occurs as an argument of the 
equality predicate. 

{Step B) We derive a set of clauses for the newly defined predicate g as follows. 

{Step B.l) We unfold clause 17 w.r.t. depth{T, D) and we derive: 

18. g{l{N), 1, X, G) ^ G=deepest{l{N),X) 

19. g{t{L,R),D,X,G) ^ depth{L,DL), depth{R,DR), max{DL, DR, M), 

plus{M,l,D), G = deepest{t{L,R),X) 
Now, by unfolding clauses 18 and 19 w.r.t. the atoms with the deepest predicate, 
we derive: 

20. g{l{N),l,N,true) ^ 

21. g{t{L,R),D,X,G) ^ depth{L,DL), depth{R,DR), 

max{DL,DR,M), plus{M,l,D), 
G^{depth{L,DLl), depth{R, DRl), 

{{DLl>DRl, deepest{L,X))y {DL1<DR1, deepest {R, X)))) 

{Step B.2) We perform two goal replacement steps based on the functionality of 
depth, and from clause 21 we derive: 
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22. g{t{L,R),D,X,G) ^ depth{L,DL), depth{R,DR), 

max{DL,DR,M), plus{M,l,D), 

G^{{DL>DR, deepest{L, X)) \J {DL<DR, deepest {R, X))) 

{Step B.3) In order to fold clause 22 using clause 17, we first introduce goal equalities 
and we then perform suitable leftward moves of those goal equalities. We derive the 
following clause: 

23. g{t{L,R),D,X,G) ^ depth{L,DL), GL= deepest {L, X), 

depth{R,DR), GR = deepest{R, X), 

max{DL,DR,M), plus{M,l,D), 

G = {{DL>DR, GL) V {DL<DR, GR)) 
Notice that we can move the goal equality GL — deepest{L, X) to the left of the 
test DL > DR without altering the operational semantics of our program. Indeed, 
this goal equality succeeds and binds the goal variable GL to the goal deepest{L, X) 
without evaluating it. The goal deepest{L, X) will be evaluated only when GL is 
called. A similar remark holds for the goal equality GR= deepest {L, X). Now, by 
folding twice clause 23 using clause 17, we get: 

24. g{t{L, R), D, X, G) ^ g{L, DL, X, GL), g{R, DR, X, GR), 

max{DL,DR,M), plus{M,l,D), 
G^{{DL>DR, GL) V {DL<DR, GR)) 

(Step C) Now we express the predicate deepest in terms of the new predicate g by 
transforming clause 16 as follows: (i) we first replace the two deepest atoms by the 
goal variables GL and GR, (ii) we then introduce suitable goal equalities, (iii) we 
then suitably move to the left the goal equalities, and (iv) we finally fold using 
clause 17. We derive the following clause: 

25. deepest{t{L, R),X) ^ g{L, DL, X, GL), g{R, DR, X, GR), 

{{DL>DR, GL) V {DL<DR, GR)) 
Our final program Deepest2 is as follows: 

1. deepest{l{N),N) ^ 
25. deepest{t{L, R),X) ^ g{L, DL, X, GL), g{R, DR, X, GR), 

{{DL>DR, GL) V {DL<DR, GR)) 
20. g{l{N),l,N,true) ^ 
24. g{t{L,R),D,X,G) ^ 

g{L,DL,X,GL), g{R, DR, X , GR), 

max{DL,DR,M), plus{M,l,D), 

G = {{DL > DR, GL) V {DL < DR, GR)) 
Now, when we evaluate a goal of the form deepest{t, X), where t is a ground tree 
and X is a variable, Deepest2 does not generate redundant calls and it performs 
only one traversal of the tree t. Deepest2 is more efficient than Deepest because in 
the worst case Deepest2 performs 0{n) LD- resolution steps to compute an answer 
to deepest {t, X), where n is the number of nodes of t, while the initial program 
Deepest takes 0{n^) LD-resolution steps. The program Deepest2 can be run by an 
ordinary Prolog system and computer experiments confirm substantial efficiency 
improvements with respect to the initial program Deepest (see Section 17^ . 
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Efficiency improvements, although smaller, are obtained also when comparing 
the final program Deepest2 with respect to the intermediate program DeepestOr 
which has been obtained from the initial program Deepest by replacing clauses 2 
and 3 by clause 16, thereby avoiding the repetition of the common goals in clauses 2 
and 3. Indeed, although more efficient than Deepest in the worst case, the program 
DeepestOr still takes a quadratic number of LD-resolution steps to compute an 
answer to deepest [t, X). □ 

In Section [71 we will present more examples of program derivation and we will also 
provide some experimental results. 



3 The Extended Logic Language with Goals as Arguments 

Let us now formally define our extended logic language. Suppose that the following 
pairwise disjoint sets are given: (i) individual variables: X , Xi, X2, ■ ■ ■ , (ii) goal vari- 
ables: G, Gi, G2, ■ ■ ■ , (iii) function symbols (with arity): /,/i,/2, . . . , (iv) primitive 
predicate symbols: true, false, =^ (denoting equality between terms), —g (denot- 
ing equality between goals), and (v) predicate symbols (with arity): p,pi,p2,... 
Individual and goal variables are collectively called variables, and they are ranged 
over by V , Vi, V2, ■ ■ ■ Occasionally, we will feel free to depart from these naming 
conventions, if no confusion arises. 

Terms: t, ti, t2, ■ ■ ., goals: g, gi, 52, • ■ and arguments: u, ui, U2, . ■ ., have the follow- 
ing syntax: 

t::=X \ f{ti,...,t^) 

g ::^ G \ true \ false \ ti h \ gi =g 52 | p[ui, Um) | 5i A 32 | ffi V 32 
u::^t\g 

The binary operators A (conjunction) and V (disjunction) are assumed to be as- 
sociative with neutral elements true and false, respectively. Thus, a goal g is the 
same as true A g and g A true. Similarly, g is the same as false V g and g V false. 
Goals of the form p(ui, . . . , Um) are also called atoms. In the sequel, for reasons of 
simplicity, we will write =, instead of =t or ^g, and we leave it to the reader to 
distinguish between the two equalities according to the context of use. Notice that, 
according to our operational semantics (see Section ^J, V is commutative, A is not 
commutative, =t is symmetric, and =g is not symmetric. 
Clauses c, c\, C2, . . ■ have the following syntax: 

c ::= p[Yi,..., Vra) ^ g 
where p is a non-primitive predicate symbol and Vi, . . . , V„i are distinct variables. 
The atom p{Vi, . . . , Vm) is called the head of the clause and the goal g is called the 
body of the clause. A clause of the form: p(Vi, . . . , Vm) *— true will also be written 
as ^(^1, . . . , Vm) <-. 

Programs P, Pi, P2, . . . are sets of clauses of the form: 
Pi{Vi, V,ni) ^ gi 

PkiVi, Vrak) ^ gk 
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where pi,...,pk are distinct non-primitive predicate symbols, and every non- 
primitive predicate symbol occurring in {gi, . . . , g^} is an element of {pi, . . . ,pk}- 
Each clause head has distinct variables as arguments. Given a program P and 
a non-primitive predicate p occurring in P, the unique clause in P of the form 
p{Vi, . . . , Vm) <— g, is called the definition of p in P. We say that a predicate p is 
defined in a program P iff p has a definition in P. 

An ordinary goal is a goal without goal variables or goal arguments. Formally, an 
ordinary goal has the following syntax: 

g ::= true \ false \ ti t2 \ . . . , Un) | ffi A 32 | ffi V 32 
where ti,t2, . . . ,tm are terms. Ordinary programs are programs whose goals are 
ordinary goals. 

Notes on syntax. 

(1) When no confusion arises, we also use comma, instead of A, for denoting con- 
junction. 

(2) The assumption that in our programs clause heads have only variables as argu- 
ments is not restrictive, because we may always replace a non-variable argument, 
say M, by a variable argument, say F, in the head of a clause, at the expense of 
adding the extra equality V = u 'm the body. 

(3) The assumption that in every program there exists at most one clause for each 
predicate symbol is not restrictive, because one may use disjunctions in the body 
of clauses. In particular, every definite logic program written by using the familiar 
syntax | |Lloyd 1987| ), can be rewritten into an equivalent program of our language 
by suitable introductions of equalities and V operators in the bodies of clauses. 

(4) Our logic language is a typed language in the sense that: (i) every indi- 
vidual variable has type term, (ii) every function symbol of arity n has type 
term^ — > term, (iii) true, false, and every goal variable have type hool, (iv.l) =1 
has type term x term bool, (iv.2) —g has type bool x bool — )■ bool, and (v) every 
predicate symbol of arity n has a unique type of the form: {term \ bool)"^ bool. 
We assume that all our programs can be uniquely typed according to the above 
rules. 

4 The Operational Semantics 

In this section we define the operational semantics of our extended logic language. 
We choose a syntax-directed style of presentation which makes use of deduction 
rules. For an elementary presentation of this technique, sometimes called structural 
operational semantics or natural semantics, the reader may refer to l|Winskel 1998|l . 

Before defining the semantics of our logic language, we recall the following no- 
tions. By { Vil ui, . . . , Vm/u„i} we denote the substitution of ui, . . . , u,„ for the 
variables Vi, . . . , Vm.. As usual, we assume that the Vi's are all distinct and for 
i = 1, . . . , m, Ui is distinct from Vi. By e we denote the identity substitution. By 

t 5 we denote the restriction of the substitution d to set S of variables, that 
is, 'd \ S = {V/u I V/u G I? and V& S}. Given the substitutions i?, 771, . . . , 77^, by 
d o {ryi, . . . ,rik} we denote the set of substitutions {i??7i, . . . , 'drj^} (where, as usual. 
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juxtaposition of substitutions denotes composition | |Lloyd 1987| |). By g-d we denote 
the application of the substitution z9 to the goal g. By mgu{ti,t2) we denote a 
relevant, idempotent, most general unifier of the terms ti and i2- 

The set of all substitutions is denoted by Subst and the set of all finite sub- 
sets of Subst is denoted by V{Subst). Given A,B & 'P{Subst), we say that A 
and B are equally general with respect to a goal g iff (i) for every a A there 
exists (3 G B such that ga is an instance of g(3, and symmetrically, (ii) for ev- 
ery f3 G B there exists a £ A such that gP is an instance of ga. For example, 
A = {{X/t}, {X/Y}, {X/Z}} and B = {{X/W}} are equally general with re- 
spect to the goal p{X). 

Given a set of substitutions A G V{Subst) and a goal g, let mostgen{A, g) denote a 
largest subset of {g-d \ -d € A} such that for any two goals gi and 52 in mostgen{A, g), 
gi is not an instance of g2- For example, mostgen{{{X / 1} , {X/Y}, {X /Z}},p{X)) 
= {p{ Y)}. Notice that the set denoted by mostgen is not uniquely determined. 
However, it can be shown that, whatever choice we make for the set denoted by 
mostgen, any two sets of substitutions A and B are equally general with respect 
to a goal g iff there exists a bijection p from mostgen{A, g) to mostgen{B,g) such 
that for any goal h G mostgen{A, g), p{h) is a variant of h. In this case we write 
mostgen{A, g) « mostgen{B, g). 

We use g[u] to denote a goal g in which we have selected an occurrence of its 
subconstruct u, where u may be either a term or a goal. By we denote the 
goal g[u] without the selected occurrence of its subconstruct u. We say that g[-] 
is a goal context. For any syntactic construct r, we use vars{r) to denote the set 
of variables occurring in r and, for any set {ri, . . . , of syntactic constructs, 
we use vars{ri, . . . , r™) to denote the set of variables vars(ri) U . . . U vars{rm). In 
particular, given a substitution a variable belongs to vars{'d) iff it occurs either 
in the domain of i? or in the range of "O. Given two goals g and gi and a clause c of 
the form p{Vi, . . . , V,n) ^ g[gi\^ the local variables of gi in c are those in the set 
vars{gi) - {{Vi,..., V^} U vars{g[J\)). 

Given a program P, we define the semantics of P as a ternary relation P h g >—>■ A, 
where 5 is a goal and ^ is a finite set of substitutions, meaning that for P and g 
all derivations are finite and A is the finite set of answer substitutions which are 
computed by these derivations. The relation P h g i— s- ^ is defined by the deduction 
rules given in Figure ^ 

A deduction tree t for P h 5 k-s- j4 is a tree such that: (i) the root of t is 
P \- g 1-^ A, and (ii) for every node n of r with sons rii, . . . , (with k > 0), 
there exists an instance of a deduction rule, say r, whose conclusion is n and whose 
premises are ni, . . . , n^. We say that n is derived by applying rule r to ni, . . . ,nk. 
A proof of P h (7 1-^ ^ is a finite deduction tree for P \- g A where every leaf is 
a deduction rule which has no premises. 

We say that P \- g ^ A holds iff there exists a proof ofPhgi-^^. IfPh^h— >j4 
holds and A ^ then we say that g succeeds in P, written P \^ g i true. Otherwise, 
if P h (7 holds, then we say that g fails in P, written P h 5 | false. If g 
either succeeds or fails in P we say that g terminates in P. We say that a goal g is 
stuck iff it is either of the form G A where G is a goal variable, or of the form 
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iff) 



{at) 



{or) 



P \- true 1-^ {s} 



P h false A 5 !-»■ 



(teal) —— — if ti and are non-unifiable terms 

/, o^ P \- grngu{ti_J,2) ^ A -n . 

(teqz) —— — r r — TV it ti and are unmable terms 

^ ^ ' P \- {ti = t2) A g {mgu{ti,t2)oA) 



P ^ 92{G/gi} ^ A 



P h {G = gi)Ag2 ^ {{G/gi}oA) 

if the goal variable G is not in vars{gi) 

P I" gi{ Vi/ui, V,n/u„,} Ag A 
P h p{ui, Um) A g ^ A\S 

where p{Vi,. . . , V^) <— 5i is a renamed apart clause of P 

and S is vars{p{ui, . . . , Um) A g) 

P \- gi Ag ^ Ai P \- g2 A g A2 



P h (ffi V 52) A 5 (^1 U A2) 
Fig. 1. Operational Semantics 



{go = gi) Ag2, where either go is a non- variable goal or go is a goal variable occurring 
in gi . We say that g gets stuck in P iff there exist a set A of substitutions and a 
(finite or infinite) deduction tree t ior P \- g A such that a leaf of t is of the 
form P \- gi B and gi is stuck. For instance, the goal {G = p) A {G = q) gets 
stuck in any program P. We say that g is safe in P iff 5 does not get stuck in P. 

For every program P and goal g, the three cases: (i) g succeeds in P, (ii) g fails in 
P, and (iii) g gets stuck in P, are pairwise mutually exclusive, but not exhaustive. 
Indeed, there is a fourth case in which the unique maximal deduction tree with root 
P \- g A is infinite and each of its leaves, if any, is the conclusion of a deduction 
rule which has no premises. In this case no A exists such that P \- g 1-^ A holds 
and g does not get stuck in P. 

Notes on semantics. 

(1) In our presentation of the deduction rules we have exploited the assumption that 

A and V are associative operators with neutral elements true and false, respectively. 

For instance, we have not introduced the rule ^5-; — t—, s because it is an 

P h false i-> 

instance of rule {ff) for g = true. 

(2) Given a program P and a goal 9, if there exists a proof for P \- g 1-^ A for some 
A, then the proof is unique up to isomorphism. More precisely, given two proofs, 
say TTi for P h I— > Ai and 7r2 for P h g 1-^ A2, there exists a bijection p from 
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the nodes of tti to the nodes of 7r2 which preserves the apphcation of the deduction 
rules and if p{P h gi ^ Bi) — P h 52 -B2 then 

(i) gi is a variant of 172, and 

(ii) V/3i e Bi 3^2 G B2 such that giPi is a variant of (72/32, and 

(iii) V/32 G ^2 3/3i G Bi such that g2/32 is a variant of (7i/3i. 

This property is a consequence of the fact that: (i) for any program P and goal g, 
there exists at most one rule instance whose conclusion is of the form P h g A 
for some A^ and (ii) our rules for the operational semantics are deterministic, in the 
sense that no choice has to be made when one applies them during the construction 
of a proof, apart from the choice of how to compute the most general unifiers and 
how to rename apart the clauses. 

In particular, any two sets Ai and A2 of answer substitutions for a program 
P and a goal g, are related as follows: ii P 'r g 1-^ Ai and F h 3 1— > ^2 then 
Vai G Ai 3a2 G A2 gai is a variant of ga2 and Va2 G A2 BaiG Ai ga2 is a variant 
of gai. Thus, Ai and A2 are equally general with respect to g. The same property 
holds also for any two sets of computed answer substitutions which are constructed 
by LD-resolution (recall that by LD-resolution we can construct different sets of 
computed answer substitutions by choosing different most general unifiers and dif- 
ferent variable renamings). 

Notice that, ii P \- g 1-^ Ai and P h g ^ A2 hold, then Ai and A2 may 
have different cardinality. Indeed, let us consider the program P consisting of the 
following clause only: 

p{X, Y,Z)^{X^YAZ=Y)\/{X = ZAY = Z) 

In this case, since both Z/Y and Y/Z are most general unifiers oi Y = Z, 
we have that both P h p{X, Y,Z) {{X/Y,Z/Y}, {X/Z, Y/Z}} and P h 
p{X, Y,Z) ^ {{X / Y , Z / Y}} hold. Notice also that the substitution 
is more general than the substitution {X/Z, Y/Z} and vice versa. 

(3) li P \- g A and -d A, then the domain of is a subset of vars{g). 

(4) In the presentation of the deduction rules for the ternary relation P \~ g 1-^ A, 
the program P never changes and thus, it could have been omitted. However, the 
explicit reference to P is useful for presenting our Correctness Theorem (see The- 
orem |21 in Section EJ. 

(5) We assume that in any relation P \- g 1-^ A, the program P and the goal g have 
consistent types, that is, the type of every function and predicate symbol should be 
the same in P and in g. For instance, if _P = {p{G) ^} where G is a goal variable, 
then P \- p{Q) t-^ {e} does not hold, because in the program P the predicate p has 
type bool — > bool, while in the goal p{0) the predicate p has type term bool. 
Moreover, for any relation P \- gi Ai occurring in the proof oi P \- g A, we 
have that program P and goal gi have consistent types. 

Now we discuss the relationship between LD-resolution and the operational se- 
mantics defined in this section. Apart from the style of presentation (usually LD- 
resolution is presented by means of the notions of LD-derivation and LD-tree ( |Apt 19971 
|Lloyd 1987| )), LD-resolution differs from our operational semantics only in the treat- 
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ment of goal equality. Indeed, by using LD-resolution, the goal equality gi = g2 is 
evaluated by applying the ordinary unification algorithm also in the case where gi 
is not a goal variable or gi is a goal variable occurring in vars{g2)- In contrast, 
according to our operational semantics, a goal of the form gi — g2 is evaluated by 
unifying gi and g2, only if gi is a variable which does not occur in vars{g2) (see 
rule (geq) above). 

Thus, if a goal g is safe in P, then the evaluation of g according to our operational 
semantics agrees with the one which uses LD-resolution in the following sense: if 
g is safe in P, then there exists a set A of answer substitutions such that P h 
g 1-^ A holds iff: (i) all LD-derivations starting from g and using P are finite 
(that is, g universally terminates in P ( |Apt 1997| IVasak and Potter 1986|l 'l. and 
(ii) A is the set of the computed answer substitutions obtained by LD-resolution. 
Point (i) follows from the fact that in our operational semantics, the evaluation of 
a disjunction of goals (see the (or) rule) requires the evaluation of each disjunct. 
Thus, in order to compute the relation P \- g ^ A in the case where g is safe in P, 
we can use any ordinary Prolog system which implements LD-resolution. 

Notice that, given a program P and a goal g, if the LD-tree has an infinite LD- 
derivation, then no set A of answer substitutions exists such that P \- g A. In 
particular, for the program P = {p{0) <— , p{X) <— p{X)} no A exists such that 
P h p{X) 1-^ A, while the set of computed answer substitutions constructed by 
LD-resolution for the program P and the goal p{X) is the singleton consisting of 
the substitution {X/0} only. 

It may also be the case that a goal g is not safe in a program P (thus, there 
exists no set A of answer substitutions such that P h g i-^ A holds) while, by 
using LD-resolution, g succeeds or fails in P. For instance, for any program and for 
any two distinct nuUary predicates p and q, (i) the goal p = p is not safe, while it 
succeeds by using LD-resolution and (ii) the goal p = q is not safe, while it fails by 
using LD-resolution. 

We recall that our interpretation of goal equality is motivated by the fact that 
we want the operational semantics to be preserved by program transformations 
and, in particular, by unfolding. As already shown in the Introduction, unfortu- 
nately, unfolding does not preserve the operational semantics based on ordinary 
LD-resolution. 

The following Proposition^ establishes an important property of our operational 
semantics. This property is useful for the proof the correctness results in Sectional 
(see Theorem |2l . The proof of this proposition is similar to the one in the case 
of LD-resolution for definite programs (see, for instance, l |Lloyd 1987| )) and will be 
omitted. 

Proposition 1 

Let P be a program, g be an ordinary goal, and ^ be a set of substitutions such 
that P h 9 I— > j4. Then, for all -d G Subst, the following hold: 

(i) gii) terminates, that is, either P h g-d \, true or P h g-d I false, and 

(11.1) P \- g-d I true iff there exists a ^ A such that gd is an instance of 170;, and 

(11.2) P \- g-d I false iff it does not exist a & A such that gi} is an instance of ga. 
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Let us conclude this section by introducing the notions of refinement and equivalence 
between programs which we will use in Section |B1 to state the weak and strong 
correctness of the program transformations that can be realized by applying our 
transformation rules. These rules are presented in the next section. 

Definition 1 {Refinement and Equivalence) 

Given two programs Pi and P2, we say that P2 is a refinement of Pi, written 
Pi C P2, iff for every ordinary goal g and for every A e P{Subst), it Pi ^ g ^ A 
then there exists B G P{Subst) such that: 

(1) P2 ^ g ^ B and 

(2) A and B are equally general with respect to g. 

We say that Pi is equivalent to P2, written Pi = P2, iff Pi E P2 and P2 ^ Pi- 



Remark 1 

Recall that Condition (2) can be written as 
sense we will say that if Pi C P2 and the 
the most general answer substitutions for 
variable renaming. 



mostgen{A, g) mostgen{B , g). In this 
ordinary goal g terminates in Pi, then 
g are the same in Pi and P2, modulo 

□ 



Remark 2 

Pi C P2 implies that, for every ordinary goal 

- if (? succeeds in Pi then g succeeds in P2, and 

- if g fails in Pi then g fails in ^2- D 

Theorem 121 stated in Section |^ shows that, if from program Pi we derive program 
P2 by using our transformation rules and suitable conditions hold, then Pi Q P2 - In 
this case we say that the transformation is weakly correct. If additional conditions 
hold, then we may have that Pi = P2 and we say that the transformation is strongly 
correct. 

In Section El we will also show that our transformation rules preserve safety, that 
is, if from program Pi we derive program P2 by using the transformation rules and 
goal g is safe in Pi, then goal g is safe also in P2. 



5 The Transformation Rules 

In this section we present the transformation rules for our extended logic language. 
We assume that starting from an initial program Pq we have constructed the trans- 
formation sequence Pq, . . . ,Pi (|Pettorossi and Proietti 1994IITamaki and Sato 1984|l . 
By an application of a transformation rule, from program Pi we derive a new pro- 
gram Pj+i. 

Rule Rl {Definition Introduction) 

We derive the new program P^+i by adding to program Pi a new clause, called a 
definition, of the form: 

newp{Vi, . . . , Vm) ^ g 
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where: (i) newp is a new non-primitive predicate symbol not occurring in any pro- 
gram of the sequence Pq, . . . , Pi, (ii) the non- primitive predicate symbols occurring 
in g are defined in Pq, and (iii) Vi, . . . , Vm are some of (possibly all) the distinct 
variables occurring in g. 

The set of all definitions introduced during the transformation sequence Pq, . . . , Pi, 
is denoted by Defi. Thus, Defo — 0. 

Rule R2 ( Unfolding) 

Let ci: /i <— body[p{ui, . . . , Um)] be a renamed apart clause in program Pi where 
p is a non-primitive predicate symbol. Let d: p{Vi,. . . , Vm) <— 5 be a clause in 
Pq U Defi. By unfolding ci w.r.t. p{ui, . . . , Um) using d we derive the new clause 
C2: h ^ body[g{ Vi/ui, . . . , Vm/um}]- We derive the new program Pi+i by replacing 
in program Pi clause ci by clause C2. 

Rule R3 [Folding) 

Let ci: h <— bodylgd] be a renamed apart clause in program Pi and let d: 
p{Vi,...,Vm) ^ g he a clause in Defi. Suppose that, for every local variable 
V of g in d, we have that: 

(1) V'd is a local variable of gd in ci, and 

(2) the variable Vd does not occur in Wd, for any variable W occurring in g 
and different from V . 

Then, hy folding c\ using d we derive the new clause C2: h body[p{ Vi, . . . , Vm)'&]. 
We derive the new program Pi+i by replacing in program Pi clause ci by clause C2. 

In order to present the goal replacement rule (see rule R4 below) we introduce 
the notion of replacement law. Basically, a replacement law denotes two goals which 
can be replaced one for the other in the body of a clause. We have two kinds of 
replacement laws: the weak and the strong replacement laws, which ensure weak 
and strong correctness, respectively (see the end of this section for an informal 
discussion and Section for a formal proof of this fact). 

First we need the following definition. 

Definition 2 (Depth of a Deduction Tree) 

Let T be a finite deduction tree and let m be the maximal number of applications 
of the (at) rule in a root-to-leaf path of r. Then we say that r has depth m. 
Let TT be a proof for P h g t-^ A, for some program P, goal g, and set A of 
substitutions, and let m be the depth of tt. If ^ we write P \- g false; 
otherwise, if ^47^0 we write P h g j„j true. 

Recall that, given a program P and a goal g, if for some set A of substitutions 
there exists a proof for P h g A, then the proof is unique up to isomorphism. 
In particular, given a proof for P \- g 1-^ Ai and a proof for P h g 1-^ A2, they 
have the same depth. 

Definition 3 [Replacement Laws) 

Let P be a program, let 171 and g2 be two goals, and let F be a set of variables, 
(i) The relation P h yv{gi — > (72) holds iff for every goal context g[_] such that 
vars{g[-]) fl vars{gi, g2) ^ V, and for every b G {true, false], we have that: 
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if F h i b then P h g[g2] i b. (f) 

(ii) The relation P h "iV {gi — ^ 32), called a weafc replacement law, holds iff 
for every goal context g[J\ such that vars(g[_]) D vars[gi, g2) C V, and for every 
b € {true, false}, we have that: 

if P \- g[gi] Im b then P h g[g2] i„ 6 with m>7i. (ft) 

(iii) The relation _P h VV^ ((^i (^2), called a strong replacement law, holds iff 
P h ((71 ^ 52) and P h (.92 ^ 51). 

(iv) We write P h \/V {gi 32) to mean that the strong replacement laws 
P h (31 52) and P h (.92 ^ ,91) hold. 

If = then P \- yv {gi ^ c/2) is also written as P h gi g2. U V = 
{Vi,..., Vn} thenP h \fV {gi^ 32) is also written as F h yVi,...,Vn [gi ^ c/2)- 
If V ~vars{gi, g2) then P \- "iV {gi 52) is also written as f h \/ {gi 32)- 

A few comments on the above Definition |31 are now in order. 

(1) In the relation P h V 1^(51 — > g-i) we have used the set Y of universally 
quantified variables as a notational device for indicating that when we replace g\ 
by g2 in a clause h <— body\g\\, the variables in common between h ^ body[J\ and 
{911 92) are those in V (see the goal replacement rule R4 below). Thus, vars{gi) — V 
is the set of the local variables of 51 in /i <— body[gi] and vars{g2) — is the set of 
the local variables of g2 in h ^ body[g2]. 

(2) Implication (f[) implies Implication (f). 

(3) Every strong replacement law is also a weak replacement law. 

(4) If P h (51 ^ 52) then there exists Ai € V{Subst) such that P h gi ^ Ai 
has a proof of depth m iff there exists A2 G V{Subst) such that P K .92 j42 has 
a proof of depth m. Moreover, if both proofs exist, Ai = % iff ^2 = 0- 

The properties listed in the next proposition follow directly from Definition 13 
Proposition 2 

Let P be a program, let gi and g2 be goals, and let F be a set of variables. 

(i) P h MV {gi — > (72) holds iff for every goal context g[_] such that vars{g[J\) n 
vars{gi, 32) Q V, P h VW {g[gi] — > didi]) holds, where W = V U vars{g[_]). 

(ii) P h yV{gi — > 52) holds iff P h V 1^(31 — > 52) holds, where W ^ V H 
vars{gi,g2). 

(iii) P^ yV{gi — > g2) holds iff for every W C V,P'^\IW{gi — > ,92) holds. 

(iv) P h yv {gi — > 52) holds iff for every substitution d such that vars{'d) n 
vars{gi, 92) ^ T^, P ^ VH^ (911? — > 52"!^) holds, where — vars{V'd). 

(v) P h VV^(9i — > 32) holds iff for every renaming substitution p such that 
vars{p) nV" = 0, PhVF (gip — > 92/9) holds. 

The properties obtained from (i) - (v) by replacing — > by are also true. 

We will refer to them as Properties (i') - (v'), respectively. 
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Definition ^ 

We say that a weak replacement law P h "iV [gi 32) (or a strong replacement 
law P \~ \IV i^g\ (72)) "preserves safety iff for every goal context g[J\ such that 
vars{g[-\) H vars{gi, (72) ^ T^, we have that: 

if g\gi\ is safe in P then (?[(?2] is safe in P . 
Rule R4 (Goal Replacement) 

Let ci: ft <— body[gi] be a clause in program Pi and let 52 be a goal such that: 
(i) all non-primitive predicate symbols occurring in gi or 52 are defined in Pq, and 
either (u.l) Pq h VF(ffi ^ 32), or (ii.2) Pq ^ VF(<?i ^ 52), where V = 
vars(h, body[J\) fl vars{gi, g2). 

By (;oa/ replacement we derive the new clause C2: /i •<— &odj/[(72], and we derive the 
new program P^+i by replacing in program Pi clause ci by clause 02- 
In case (ii.l) we say that the goal replacement is based on a weak replacement law. 
In case (ii.2) we say that the goal replacement is based on a strong replacement 
law. We say that the goal replacement preserves safety iff it is based on a (weak or 
strong) replacement law which preserves safety. 

Implication (f[) of Definition|3|makes and to be improuemeni relations 
in the sense of USands 1996|l . As stated in Theorem[51of SectionEl Imphcation (fj-) 
is required for ensuring the weak correctness of a goal replacement step, while Im- 
plication (I) of Definition|31does not suffice. This fact is illustrated by the following 
example. 

Example 6 

Let us consider the program Pi. 

1. p ^ q 
2. 

We have that Pi\- q — > p and thus, Implication (f ) holds by taking 171 to be g, 52 
to be p, and g[J\ to be the empty goal context. The replacement of g by p in clause 
1 produces the following program P2 '■ 
1*. p ^ p 

2. q^ 

This replacement is not an application of rule R4, because Implication (f[) does not 
hold. (Indeed, we have that the depth of the proof for Pih q^ {e} is smaller than 
the depth of the proof for Pi h p 1— > {e}). The transformation from program Pi to 
program P2 is not weakly correct (nor strongly correct), because p succeeds in Pi, 
while p does not terminate in P2, and thus, it is not the case that Pi □ P2. □ 

The reader may check that, for any program P, and goals 5, gi, g2, and 53, we 
have the following replacement laws. It can be shown that these replacement laws 
preserve safety. 
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1. Boolean Laws: 

Phy{gAtrue ^ g) P h V (g A g ^ g) 

P\- y {true A g g) P h V (.g V g g) 

P h V [true V g ^ true) P h V (gi V 32 *^ 52 V gi) 

P h V (ff A false ^ false) P h V {{gi A 52) V (ffi A 33) ^ 5i A (52 V 53)) 

P h V (/a/se A <? ^ /aZse) P h V ((ffi A (72) V (53 A (72) ^ (51 V 53) A 52) 

P h V {false y g ^ g) P h V ((<?i V 32) A (<?i V 33) ^ 5i V (52 A 53)) 

In the following replacement laws 2.1 and 2.2, according to our conventions, V 
stands for either an individual variable or a goal variable, and u stands for cither a 
term or a goal, respectively. 

2.1 Introduction and elimination of equalities: 

Ph yU{g[u\ ^ {{V = u) Ag[V])) where U = vars{g[u]) and V ^U. 

2.2 Rearrangement of equalities: 

P^yU{g[{V = u)Ag,] ^ {{V = u) A g[g,])) 

where U — vars{g[gi\^ u) and V ^ U . 

When referring to goal variables, laws 2.1 and 2.2 will also be called 'Introduction 
and elimination of goal equalities' and 'Rearrangement of goal equalities', respec- 
tively. 

3. Rearrangement of term equalities: 
Ph y{g A{ti = t2) ^ {t, = t2)Ag) 

4. Clark Equality Theory (also called GET, see ( |Lloyd 1987| )): 

P h VX {eqi ^ eq2) if GET h VX (3 F eq^ ^ 3Z eq^) 

where: (i) eqi and eq2 are goals constructed by using true, false, term equalities, 
conjunctions, and disjunctions, and (ii) Y — {vars{eqi)^X) and Z —{vars{eq2)—X). 

Notice that, for some program P and for some goals g, gi, g2, and 53, the following 
do not hold: 

P h V {true — > true V g) 

P h V {false — > g A false) 

Ph y{{ti^t2)Ag^gA{ti^t2)) 

^ ^ V (51 V (52 A 53) {91 V 52) A (51 V 53)) 

P ^ yV{g2[gi] ^ g2[G] A {G^gi)) where V = vars{g2[gi]) and G ^ F 

PhyV{g[{G^g,)Ag2] ^ (G = 5i) A 5M) 

where V = {vars{g[g2\: gi) ~ {G}) and G e vars{g[.], gi) 
Ph V(5[(G = 5i) A52] -^{G^gi)Ag[g2]) where G vars{g[.], gi) 

Let us now make some remarks on the goal replacement rule. 

In the Weak Gorrectness part of Theorem |2(see Section (S)) we will prove that if 
program P2 is derived from program Pi by an application of the goal replacement 
rule based on a weak replacement law, then P2 is a refinement of Pi, that is. 
Pi C P2. Thus, there may be some ordinary goal g which either succeeds or fails 
in P2, while g does not terminate in Pi, as shown by the following example. 
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Example 7 

Let us consider the following two programs Pi and P2, where P2 is derived from 
Pi by applying the goal replacement rule based on the weak (and not strong) 

replacement law Pi h {true V g true): 

Pi. P ^ true V g P2'- P *— true 

q<- q q<- q 

We have that p does not terminate in Pi and p succeeds in P2 . 
Next, let us consider the following programs: 

P3: p ^ q A false P4: p ^ false 

q^ q q ^ q 

where P4 is derived from P3 by a goal replacement rule based on a weak (and 

not strong) replacement law P \- \/ {g A false false). We have that p does not 
terminate in P3, while p fails in P4. □ 

In the Strong Correctness part of Theorem [5] we will prove that if program P2 is 
derived from program Pi by an application of the goal replacement rule based on 
a strong replacement law, then Pi and Pi are equivalent, that is Pi = P2. Thus, in 
particular, for any goal g., g terminates in Pi iff g terminates in P2. 

Moreover, in Theorem |31 of Section |^ we will prove that if program P2 is derived 
from program Pi by goal replacements which preserve safety, then every goal which 
is safe in Pi, is safe also in P2. 



6 Correctness of Program Transformations 

The unrestricted use of our rules for transforming programs may allow the con- 
struction of incorrect transformation sequences, as the following example shows. 

Example 8 

Let us consider the following initial program: 

Pq: P ^ q 

q ^ 

By two definition introduction steps, we get: 
Pi: p^q 

q ^ 

newpl ^ q 
newp2 «— q 

By three folding steps, from program Pi we get the final program: 
P2: P <— newpl 
q ^ 

newpl newp2 
newp2 newpl 

We have that p succeeds in Pq, while p does not terminate in P2. □ 
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In this section we will present some conditions which ensure that every transfor- 
mation sequence Pq, . . . , Pk constructed by using our rules, is: 

(i) weakly correct, in the sense that Pq U Defk ^ Pk (see Point (1) of Thcorcm|21l, 

(ii) strongly correct, in the sense that Pq IJ Defk = Pk (see Point (2) of Theorem^, 

(iii) preserves safety, in the sense that, for every goal g, ii g is safe in Pq U Defk 
then g is safe also in Pk (see Theorem OJ. 

Similarly to other correctness results presented in the literature HBossi and Cocco 19941 
IPettorossi and Proietti 19941 ISands 19961 ITamaki and Sato 1984|l . some of the con- 
ditions which ensure (weak or strong) correctness, require that the transformation 
sequences are constructed by performing suitable unfolding steps before performing 
folding steps. 

In particular, Theorem |21 below ensures the (weak or strong) correctness of a 
given transformation sequence in the case where this sequence is admissible, that 
is, it is constructed by performing parallel leftmost unfoldings (see Definitional) on 
all definitions which are used for performing subsequent foldings. 

In order to present our correctness results it is convenient to consider admissi- 
ble transformation sequences which are ordered, that is, transformation sequences 
constructed by: 

(i) first, applying the definition introduction rule, 

(ii) then, performing parallel leftmost unfoldings of the definitions that are used for 
subsequent foldings, and 

(iii) finally, performing unfoldings, foldings, and goal replacements in any order. 
Thus, an ordered, admissible transformation sequence has all its definition intro- 
ductions performed at the beginning, and it can be written in the form Pq, . . . , PqU 
Defk T ■ ■ ■ , Pk, where Defk is the set of all definitions introduced during the entire 
transformation sequence Pq, . . . , PqU Defk, ■ ■ ■ , Pk- By Proposition|21 below we may 
assume, without loss of generality, that all admissible transformation sequences are 
ordered. 

In order to prove that an admissible transformation sequence is weakly correct 
(see Point (1) of Theorem|2}, we proceed as follows. 

(i) In Lcmma^we consider a generic transformation by which we derive a program 
NewP from a program P by replacing the bodies of the clauses of P by new bodies. 
We show that, if these body replacements can be viewed as goal replacements based 
on weak replacement laws, then the transformation from P to NewP preserves 
successes and failures, that is, 

- if a goal g succeeds in P then g succeeds in NewP, and 

- if a goal g fails in P then g fails in NewP. 

(ii) Then, in Lemma 13 we prove that in an ordered, admissible transformation 
sequence Pq, . . . , Pq^ Defk, ■ ■ ■ , Pk, any application of the unfolding, folding, and 
goal replacement rule is an instance of the generic transformation considered in 
Lemma n that is, it consists in the replacement of the body of a clause by a new 
body, and this replacement can be viewed as a goal replacement based on a weak 
replacement law. 
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(iii) Thus, by using Lemniatan]and|21we get Point (1) of Theorem^ In particular, 
we have that in any admissible transformation sequence Pq, . . . , Pq U Defk, . . . , Pk, 
successes and failures are preserved, that is: 

- if a goal g succeeds in Pq U Defk then g succeeds in Pk , and 

- if a goal g fails in Pq U Defk then g fails in Pk ■ 

(iv) Finally, Proposition^ allows us to infer the preservation of most general answer 
substitutions from the preservation of successes and failures. Indeed, by Proposi- 
tion ^ and Point (1) of Theorem n we prove that if an ordinary goal g succeeds in 
Pq U Defk then the set of answer substitutions for ^ in Pq U Defk and the set of 
answer substitutions for g in Pk are equally general. 

According to Definition Q Points (iii) and (iv) mean that Pq U Defk ^ Pk, that is, 
the ordered, admissible transformation sequence Pq, . . . , PoUDefk, . . . , Pfc is weakly 
correct (see Point (1) of Theorem I^J . 

In order to prove that an admissible transformation sequence is strongly correct 
(see Point (2) of Theorem |21l, we make the additional hypothesis that all goal 
replacements performed during the construction of the transformation sequence 
are based on strong replacement laws. Analogously to the proof of weak correctness 
which is based on Lemmata ^ and 12 the proof of strong correctness is based on 
Lemmata|21and0]which we give below. By using these lemmata, we prove Point (2) 
of Theorem that is: 

- if a goal g succeeds in Pk then g succeeds in Pq U Defk , and 

- if a goal g fails in Pk then g fails in Pq U Defk ■ 

Finally, by Proposition and Theorem ^ we prove that any admissible transfor- 
mation sequence in which all goal replacements are based on strong replacement 
laws, is strongly correct (see Point (2) of Theorem|2Il, that is, Pq U Defk = Pk- 

Now let us formally define the notions of parallel leftmost unfolding of a clause, ad- 
missible transformation sequence, and ordered admissible transformation sequence 
as follows. 

Definition 5 

Let c be a clause in a program P. If c is of the form: 

p{Vi,..., V^) (ai A 5i) V . . . V (as A 3,) 

where ai, . . . , Os are atoms with non-primitive predicates, gi, . . . , gs are goals, and 
s > 0, then the parallel leftmost unfolding of clause c in program P is the pro- 
gram Q obtained from P by applying s times the unfolding rule w.r.t. ai, . . . , a^, 
respectively. 

If clause c is not of the form indicated in Definition above, then the parallel 
leftmost unfolding of c is not defined. 

Definition 6 

A transformation sequence Pq, . . . , Pk is said to be admissible iff for every h, with 
< h < k, if P/i+i has been obtained from Ph by folding clause c using clause d, 
then there exist i,j, with < i < j < k, such that d ^ Pi and Pj is obtained from 
Pi by parallel leftmost unfolding of d. 
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Definition 7 

An admissible transformation sequence Pqi • ■ ■ j ^fc is said to be ordered iff it is of the 
form Pq, . . . , Pi, . . . , Pj , . . . , Pk^ where: (i) the sequence Pq, Pi is constructed by 
applying the definition introduction rule, (ii) the sequence Pi, . . . , Pj is constructed 
by parallel leftmost unfolding of all definitions which have been introduced during 
the sequence Pq, . . . ,Pi and are used for folding during the sequence Pj, . . . ,Pk, 
and (iii) the definition introduction rule is never applied in the sequence Pj, . . . , Pk- 

Given an ordered, admissible transformation sequence Pq, . . . , Pi, . . . , Pj , . . . , Pk, 
the set of definitions introduced during Pq, Pi is the same as the set of definitions 
introduced during the entire sequence Pq, . . . , Pk, and thus, in the above Definition[7| 
we have that Pi is Pq U Defk ■ 

An admissible transformation sequence Pq, . . . , Pk which is ordered, is also de- 
noted by Pq, . . . , Pi, . . . , Pj , . . . , Pk, where we explicitly indicate the program Pi 
after the introduction of the definitions, and the program Pj after the parallel 
leftmost unfolding steps. 

Proposition 3 

For any admissible transformation sequence PQ,...,Pn there exists an ordered, 
admissible transformation sequence Pq, . . . , Pi, . . . , Pj, . . . , Pk such that P„ = Pk 
and Defn = Defk- 

Now, in order to prove the correctness of transformation sequences, we state the fol- 
lowing LemmataEEllSl and^J whose proofs are given in the Appendix. As already 
mentioned, these LemmatanElEl and^lwill allow us to show that, under suitable 
conditions, for every admissible transformation sequence Pq, . . . , Pk, (i) successes 
and failures are preserved (see Theorem ^ below) , and (ii) weak correctness holds 
(that is, Pq U Defk E Pk) or strong correctness holds (that is, Pq U Defk = Pk) (see 
Theorem El below) . 

Lemma 1 

Let P and NewP be programs of the form: 

P : hdi ^ bdl NewP : hdi ^ newbdi 

hds bds hds ^ newbdg 

For r = 1, . . . , s, let Vr be vars{hdr) and suppose that P \- MVr {bdr newbdr). 
Then, for every goal g and for every b G {true, false}, we have that: 

ii P \- g Im b then NewP h g In b with m > n. 



Lemma 2 

Let us consider an ordered, admissible transformation sequence Pq, . . . , Pi,..., 
Pj,...,Pk, where is Pq U Defk ■ 

(i) For h — i, . . . — l and for any pair of clauses Ci: hd <— bd in program P^ and 
C2: hd <— newbd in program Ph+i, such that C2 is derived from ci by applying the 
unfolding rule, we have that: 
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P, h VV{bd ^ newbd) 
where V — vars{hd). (Notice that the unfolding rule does not change the heads of 
the clauses.) 

(ii) For h — j , . . . , k — 1 and for any pair of clauses ci: hd *^ bd in program Ph and 
C2: /irf <— newbd in program Ph+i, such that C2 is derived from ci by applying the 
unfolding, or folding, or goal replacement rule, we have that: 

P-j h (M ^ newbd) 
where V = vars{hd). (Notice that the unfolding, folding, and goal replacement 
rules do not change the heads of the clauses.) 

Lemma 3 

Let P and NewP be programs of the form: 

P : hdi «— bdi NewP : hdi <— newbdi 

hdg <— bds hds ^ newbdg 

For r = 1, . . . , s, let be vars{hdr) and suppose that P h VVV {newbdr — > bdr). 
Then, for every goal g and for every b € {true^ false}, we have that if NewP \^ g i b 
then P h 5 i 6. 

Notice that Lemma 01 is a partial converse of Lemma ^ These two lemmata im- 
ply that if we derive a program NewP from a program P by replacing the bodies 
of the clauses of P by new bodies, and these body replacements are goal replace- 
ments based on strong replacement laws, then every goal terminates in NewP iff it 
terminates in P . 

Lemma 4 

Let us consider a transformation sequence Pq, . . . , Pk and let Defk be the set of 
definitions introduced during that sequence. For h — 0, . . . , fc — 1 and for any pair 
of clauses Ci: hd ^ bd in program P^ and C2: hd ^ newbd in program Ph+i, such 
that C2 is derived from ci by applying the unfolding rule, or the folding rule, or the 
goal replacement rule based on strong replacement laws, we have that: 

Pq U Defk ^ yV {newbd — > bd) 
where V — vars{hd). 

In particular, as a consequence of Lemma Inland Lemma 0] we have that in any 
ordered, admissible transformation sequence the unfolding and folding rules can be 
viewed as goal replacements based on strong replacement laws. 

The following theorem states that for every admissible transformation sequence 
successes and failures are preserved. 

Theorem 1 [Preservation of Successes and Failures) 

Let Pq, . . . , Pk be an admissible transformation sequence and let Defk be the set 
of definitions introduced during that sequence. Then for every goal g and for every 
b € {true, false}, we have that: 

(1) if Pq U Defk ^ g Im b then Pk g in b with m > n, and 

(2) if all applications of the goal replacement rule are based on strong replacement 
laws and Pk ^ g i b, then Pq U Defk ^ g i b. 
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Proof of Theorem^ 

See Appendix. The proof of (1) is based on Proposition O and Lemmata Q] and 13 
and the proof of (2) is based on Proposition O and Lemmata|3|and21 □ 

The foUowing theorem estabUshes the weak correctness and, under suitable con- 
ditions, the strong correctness of admissible transformation sequences. 

Theorem 2 [Correctness Theorem) 

Let Pq, . . . , Pk be an admissible transformation sequence. Let Defk be the set of 
definitions introduced during that sequence. We have that: 

(1) (Weak Correctness) Po U Defk E Pk, that is, Pk is a refinement of Pq U Defk, 
and 

(2) (Strong Correctness) if all applications of the goal replacement rule are based on 
strong replacement laws then PoUDefk = Pk, that is, Pk is equivalent to PgUDefk- 

Proof of Theorem\^ 

See Appendix. The proof of (1) is based on Proposition^and Theorem^ (Point 1), 
and the proof of (2) is based on Proposition^and Theorem ^ (Points 1 and 2). □ 

The following two examples show that in the statement of Theorem |21 we cannot 
drop the admissibility condition. Indeed, in these examples we construct transfor- 
mation sequences which are not admissible and not weakly correct. 

Example 9 

Let us construct a transformation sequence as follows. The initial program is: 

Pq: p<~pAq 
q ^ false 

By definition introduction we get: 

Pi: p ^ p Aq 
q ^ false 
newp ^ false A p 

Then we perform the unfolding of newp <— false A p w.r.t. p. (Notice that this is 
not a parallel leftmost unfolding.) We get: 

P2: p^pAq 
q <— false 

newp <— false A p A q 

By folding we get the final program: 

P3: p^pAq 
q ^ false 
newp ^ newp A q 

We have that newp fails in Pq U -De/3 (that is. Pi), while newp does not terminate 
in P3. □ 
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Example 10 

Let us construct a transformation sequence as foUows. The initial program is: 

Pq: p ^ false 

q ^ true V q 

By definition introduction we get: 

Pi: p <~ false 

q ^ true V q 
newp ^ pW {p A q) 

Then we perform the unfolding of newp ^ p \/ (p A q) w.r.t. q. (Notice that this is 
not a parallel leftmost unfolding.) We get: 

P2: P false 

q ^ true V q 

newp <— false V (p A {true V q)) 
By goal replacement based on boolean laws we get: 

F3: p ^ false 

q <— true V q 
newp ^ p\/ (p A q) 
By folding we get the final program: 

P4: p ^ false 

q <— true V q 
newp <— newp 

We have that newp fails in Pq U -De/4 (that is, Pi), while newp does not terminate 
in P4. □ 

Finally, the following theorem states that a (possibly not admissible) transfor- 
mation sequence preserves safety, if all goal replacements performed during that 
sequence preserve safety. 

Theorem 3 {Preservation of Safety) 

Let Pq, . . . , Pk be a transformation sequence and let Defk be the set of definitions 
introduced during that sequence. Let us also assume that all applications of the goal 
replacement rule R4 preserve safety. Then, for every goal g, if g is safe in Po U Defk 
then g is safe in Pk- 

Proof of Theorem\^ 

See Appendix. The proof is based on LemmataEl and El given in the Appendix. □ 

We end this section by making some comments about our correctness results. 
Let us consider an admissible transformation sequence Pq, . . . , Pk, during which we 
introduce the set Defk of definitions. Then, by Point (1) of Theorem program 
Pk may be more defined than program Pq U Defk in the sense that there may be 
a goal which terminates (i.e., succeeds or fails) in Pk, while it does not terminate 
in Pq U Defk- This 'increase of termination' is often desirable when transforming 
programs and it may be achieved by goal replacements which are not based on 
strong replacement laws (see, for instance. Example din Section EJ. 
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Now suppose that during the construction of the admissible transformation se- 
quence Pq, ■ ■ ■ ,Pk all applications of the goal replacement rule are based on strong 
replacement laws. Then, by Theorem^we have that for all goals 5, g terminates in 
PoUDefk iff g terminates in Pk- However, safety may be not preserved, in the sense 
that there may be a goal g which is safe in Pq U Defk (but g neither succeeds nor 
fails in Po U Defk ) and g is not safe in Pk (or vice versa) , as shown by the following 
example. 

Example 11 

Let us consider the following two programs Pi and P2'- 

Pi: p^p P2: p^G 

Program P2 is derived from Pi by applying the goal replacement rule based on the 
strong replacement law Pi h p G, which does not preserve safety. We have 
that p is safe, p does not terminate in Pi , and p is not safe in P2 . Notice that the 
replacement law Pi \- p G trivially holds because, for any h G {true, false}, 
Pi\- p I b does not hold and Pi \- Gib does not hold. □ 

In order to ensure that if g is safe in Pi then g is safe in P2, it is enough to 
use replacement laws which preserve safety (see Theorem O. Indeed, unfolding and 
folding always preserve safety (see Lemma in the Appendix). 

We have not presented any result which guarantees that if a goal is safe in the 
final program Pk then it is safe in the program PoUDefk - This result could have been 
achieved by imposing further restrictions on the goal replacement rule. However, 
we believe that this 'inverse preservation of safety' is not important in practice, 
because usually we start from an initial program where all goals of interest are safe 
and we want to derive a final program where those goals of interest are still safe. In 
particular, if in the transformation sequence Pq, . . . , Pk the initial program Pq is an 
ordinary program, then every ordinary goal g is safe in Pq and, by Theorem |21 we 
have that g is safe also in Pk- Thus, as discussed in Section^ we can use ordinary 
implementations of LD-resolution to compute the relation Pk \= g ^ A. 

Notice also that, if PQUDefk E Pk and an ordinary goal g terminates in Pq, then g 
has the same most general answer substitutions in PQUDefk and Pk, modulo variable 
renaming (see Point (i) of Remark^at the end of SectionQJ. However, the set of all 
answer substitutions may not be preserved, and in particular, there are programs 
Pi and P2 such that Pi C P2 and, for some goal g, we have that Pi \- g ^ Ai 
and P2 h g !—>■ A2, where Ai and A2 have different cardinality, as shown by the 
following example adapted from IjBossi et al. 1992'jl . A similar property holds if we 
assume that Pi = P2, instead of Pi Q P2- 

Example 12 

Let us consider the following two programs Pi and P2, where P2 is derived from 
Pi by applying the goal replacement rule based on the weak replacement law 
P h y {g /\ g g), which holds for every program P and and goal g: 

Pi: p{X) ^ q{X) A q{X) P2: p{X) ^ q{X) 

q{X)^X=f{a,Z) q{X)^X^f{a,Z) 
q{X)^ X^f{Y,a) q{X)^X=f{Y,a) 
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We have that: 

Pi h p{X) ^ {{X/f{a, Z)}, {X//(a, a)}, {X/f{ F , a)}}, and 

P2 V- p{X) ^ {{X/f[a, Z)}, y, a)}}. □ 

The above example shows that, if during program transformation we want to pre- 
serve the set of answer substitutions, then we should not apply goal replacements 
based on the replacement law F h V {g A g g) which, however, may be useful 
for avoiding the computation of redundant goals and improving program efficiency. 

Another replacement law which is very useful in many examples of program 
transformation, is the law which expresses the functionality of a predicate. For 
instance, in the Deepest example of Section [3 the depth predicate is functional 
with respect to its first argument in the sense that, for every goal context g[J\, the 
following replacement law holds: 

Deepest h\f{depth{T,X) A g[depth{T, Y)] ^ depth{T,X) A g[X = Y]). 

The following example, similar to Example 1 121 shows that in general the function- 
ality law does not preserve the set of answer substitutions. 

Example 13 

Let us consider the following two programs Pi and P2, where P2 is derived from 
Pi by applying the goal replacement rule based on the (strong) replacement law 

PiV- 'i{g(X,Y)Aq{X,Z) ^ q(X,Y)h Y = Z): 

Pi: p{X)^q{X,Y)Aq{X,Z) P2: piX) ^ q{X , Y) A Y = Z 

q{f{a,Z),b)^ q{f{a,Z),b)^ 
q{f{Y,a),b)^ q{f{Y,a),b)^ 

As in Example 1121 we have that: 

Pi h piX) ^ {{X/fia, Z)}, {X/f{a, a)}, {X/f{ Y, a)}} and 

P2 K P{X) ^ {{X/f{a, Z)}, {X/fi Y, a)}}. □ 

Finally, notice that Theorem |21 ensures the preservation of most general answer 
substitutions for ordinary goals only. Thus, the answer substitutions computed for 
goals with occurrences of goal variables, may not be preserved, as shown by the 
following example. 

Example I4 

Let us consider the following two programs Pi and P2, where P2 is derived from 
Pi by unfolding clause 1 w.r.t. p using clause 2: 

Pi: 1. a{G) (G^p) AG P2: 1*. «((?) ^ (G= g) A G 

2. p ^ q 2. p ^ q 

3. q ^ 3. q <~ 

We have that Pi h a{G) ^ {{G/p}}, and P2 h a(G) ^ {{G/q}}. □ 
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7 Program Derivation in the Extended Language 

In this section we present some examples which illustrate the use of our transfor- 
mation rules. In these examples, by using goal variables and goal arguments, we 
introduce and manipulate continuations. For this reason we have measured the im- 
provements of program efficiency by running our programs using the BinProlog con- 
tinuation passing compiler IjTarau 1996p . These run-time improvements have been 
reported in Section 17.61 Compilers based on different implementation methodolo- 
gies, such as SICStus Prolog, may not give the same improvements. However, it 
should be noticed that the efficiency improvements we get, do not come from the 
use of continuations, but from the program transformations performed by apply- 
ing our transformation rules (see Section O. Indeed, in BinProlog the continuation 
passing style transformation in itself gives no speed-ups. 

Let us introduce the following terminology which will be useful in the sequel. We 
say that: (i) a clause is in continuation passing style iff its body has no occurrences 
of the conjunction operator, and (ii) a program is in continuation passing style iff all 
its clauses are in continuation passing style. Thus, every program in continuation 
passing style is a binary program in the sense of Tarau and Boyer that is, 

a program with at most one atom in the body of its clauses. 

When writing programs in this section we use the following primitive predicates: 
=, ^, >, and <. For the derivation of programs in continuation passing style, we 
assume that, for each of these predicates there exists a corresponding primitive 
predicate with an extra argument denoting a continuation. Let us call these predi- 
cates eg_c, diff_c, geq_c, and lt_c, respectively. 

We assume that, for every program P, the following strong replacement laws 
hold: 

Ph\/{{X^Y)AC ^ eq_c{X, Y, C)) 
Ph\/{{Mj^N)AC ^ dijf_c{M, N, C)) 
P h V ((M > TV) A C ^ geq-c{M, N, C)) 
Ph\/{{M<N)AC ^ lt_c{M, N, C)) 

In this section we use the following syntactical conventions: 

(1) the conjunction operator A is replaced by comma, 

(2) a clause of the form h ^ giV g2 is also written as two clauses, namely, h ^ gi 
and /i <— and 

(3) a clause of the form h ^ {V = u)^ g where the variable V does not occur in 
the argument m, is also written as {h <— g){V /u\. 

7.1 Tree Flipping 

This example is borrowed from ( |j0rgensen et al. 1997| ) where it is used for showing 
that conjunctive partial deduction may affect program termination when trans- 
forming programs for eliminating multiple traversals of data structures. A similar 
problem arises when multiple traversals of data structures are avoided by apply- 
ing Tamaki and Sato's unfold/fold transformation rules l|Tamaki and Sato 1984|l 
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according to the tupling strategy (see Section In this example by using goal 
arguments and introducing continuations, we are able to derive a program in con- 
tinuation passing style which eliminates multiple traversals of data structures and, 
at the same time, preserves universal termination. 

Let us consider the initial program FlipCheck: 

1. flipcheck{X,Y) ^ flip{X,Y), check{Y) 

2. fltp{l{N)J{N)) ^ 

3. flip{t{L, N, R), t{FR, N, FL)) ^ flip{L, FL), fiip{R, FR) 

4. check{l{N)) ^ nat{N) 

5. check{t{L,N,R)) ^ nat{N), check{L), check{R) 

6. nat{0) ^ 

7. nat{s{N)) ^ nat{N) 

where: (i) the term 1{N) denotes a leaf with label and the term t{L, N, R) denotes 
a tree with label N and the two subtrees L and R, (ii) nat{X) holds iff X is a natural 
number, (iii) check{X) holds iff all labels in the tree X are natural numbers, and 
(iv) flip{X, Y) holds iff the tree Y can be obtained by flipping all subtrees of the 
tree X. 

We would like to transform this program so to avoid the double traversal of trees 
(see the double occurrence of Y in the body of clause 1). By applying the tupling 
strategy (or, equivalently, conjunctive partial deduction)^ we derive the following 
program FlipCheckl: 

8. fIipcheck{l{N), 1{N)) ^ nat{N) 

9. flipcheck{t{L,N,R),t{FR,N,FL)) ^ nat{N), 

flipcheck{L, FL), fHpcheck(R, FR) 

Program FlipCheckl performs only one traversal of any input tree which is the first 
argument of fiipcheck. However, as already mentioned, FlipCheckl does not preserve 
termination. Indeed, the goal fiipcheck {t {I {N),0, 1(a)), Y) fails in FlipCheck, while 
this goal does not terminate in the derived program FlipCheckl. 

Now we present a second derivation starting from the same program FlipCheck 
and producing a final program FlipCheck2 which: (i) is in continuation passing 
style, (ii) traverses the input tree only once, and (iii) preserves termination. During 
this second derivation we introduce goal arguments and we make use of the trans- 
formation rules introduced in Section The initial step of this derivation is the 
introduction of the following new clause: 

10. newp{X,Y,G,C,D) ^ flip{X,Y), G = (check (Y), C), D 

As already mentioned, in this paper we do not illustrate the strategies needed for 
guiding the application of our transformation rules and, in particular, we do not 
indicate how to construct the new definitions to be introduced, such as clause 10 
above. For clause 10 we notice that: (i) by introducing a definition with the goal 
equality G = {check{Y), C), instead of the goal check{Y), we will be able to apply 
the folding rule by first performing leftward moves of goal equalities, instead of 
(possibly incorrect) leftward moves of goals, and (ii) by introducing the continu- 
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ations C and D, we will avoid the expensive use of the conjunction operator for 
constructing goal arguments. 

We continue our derivation by unfolding clause 10 w.r.t. flip{X , Y) and we get: 

11. newp{l{N)J{N),G,C,D) ^ {G = {check{l{N)),C)), D 

12. newplt{L, N, R), t{FR, N, FL), G, G, D) ^ flip{L, FL), flip{R, FR) 

{G = {check{t{FR,N,FL)),G)), D 

We then unfold clauses 11 and 12 w.r.t. the c/iecfc atoms, and after some applications 
of the goal replacement rule based on boolean laws and GET, we get: 

13. newp{l{N),l{N),G,G,D) ^ G = {nat{N),G), D 

14. newplt{L, N, R), t{FR, N, FL), G, G, D) ^ flip{L, FL), flip{R, FR), 

{G = {nat{N),check{FR), check{FL), G)), D 

By introducing and rearranging goal equalities (see laws 2.1 and 2.2, respectively, 
in Section EJ, we transform clause 14 into: 

15. newp{t{L,N,R),t{FR,N,FL),G,G,D) <- flip{L,FL), U = {check {FL), G), 

flip{R,FR), V = {check{FR),U), {G^{nat{N), V)), D 
Now we fold twice clause 15 using clause 10 and we get: 

16. newp{t{L, N, R), t{FR, N, FL), G, G, D) ^ 

newp{L,FL, U, G,newp{R,FR, V, U ,{G^{nat{N), V),D))) 

In order to express flipcheck in terms of newp we introduce a goal equality into 
clause 1 and we derive: 

17. flipcheck{X,Y) ^ flip{X,Y), G = {check (Y), true), G 
Then we fold clause 17 using clause 10 and we get: 

18. flipcheck{X, Y) ^ newp{X, Y, G, true, G) 

The program we have derived so far consists of clauses 13, 16, and 18. Notice that 
clauses 13 and 16 are not in continuation passing style because the conjunction 
operator occurs in their bodies. In order to derive clauses in continuation passing 
style we introduce the following new definition: 

19. nat_c{N, C) <- nat{N), G 

By unfolding, folding, and goal replacement steps based on the replacement law 
FlipGheck h V((X = Y), C ^ eq_c{X , Y, C)), we derive the following final 
program FlipGheck2: 

18. flipcheck{X, Y) ^ newp{X, Y, G, true, G) 

20. newp{l{N), 1{N), G, G, D) ^ eq_c{G, nat_c{N, C),D) 

21. newp{t{L, N, R), t{FR, N, FL), G, G, D) ^ 

newp{L,FL, U, G, newp{R,FR, V, U, 
eq_c{G,nat_c{N, V),D) )) 

22. nat_c{0, C) ^ C 

23. nat_c{s{N), G) ^ nat_c{N , C) 

Program FlipGheck2 traverses the input tree only once. Moreover, Theorem ^ en- 
sures that, for every goal g of the form flipcheck {ti, 12), where ti and t2 are any 
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two terms, g terminates in FlipCheck iff g terminates in FlipCheck2 (see aiso Sec- 
tion for a more detaiied discussion of tlie correctness properties of our program 
derivations). 

7.2 Summing the Leaves of a Tree 

Let us consider tfie foliowing program TreeSum tiiat, given a binary tree t wliose 
leaves are labeled by natural numbers, computes the sum of the labels of the leaves 
of t. 

1. treesum{l{N),N) <- 

2. treesum{t{L,R),N) ^ treesum{L,NL), treesum{R, NR), plus{NL, NR, N) 

3. plus{Q,X,X) 

4. plus{s{X), F, s{Z)) ^ plus{X, F, Z) 

By using Tamaki and Sato's transformation rules, from program TreeSum we may 
derive a more efficient program with accumulator arguments. In particular, during 
this program derivation we introduce the following new predicate: 

5. acc_ts{T, Y,Z) ^ treesum{T, X), plus{X, Y , Z) 

We also use the associativity of the predicate plus, that is, we use the following 
equivalence which holds in the least Her brand model M (TreeSum) of the given 
program TreeSum: 

M (TreeSum) ^ V XI, X2, X3, S (31 (plus(Xl, X2, 1), plus(I , X3, S)) ^ 

3J (plus(Xl, J, S), plus(X2, X3, J))) 

During the derivation, we also make suitable goal rearrangements needed for per- 
forming foldings that use clause 5. We derive the following program TreeSuml. 

6. treesum(l(N),N) ^ 

7. treesum(t(L,R),N)<-acc_ts(L,NR,N), treesum(R, NR) 

8. acc_ts(l(N),Acc, Z) <- plus(N , Acc, Z) 

9. acc_ts(t(L, R), Acc, N) ^ acc_ts(L, Acc, NewAcc), acc_ts(R, NewAcc, N) 

The least Herbrand models of programs TreeSum and TreeSuml define the same 
relation for the predicate treesum. However, the two programs do not have the 
same termination behaviour. For instance, the goal treesum(t(l(N),0), Z) fails in 
TreeSum while it does not terminate in TreeSuml . 

By introducing goal arguments and using the transformation rules presented in 
Section \^ we are able to derive a program which: (i) is in continuation passing 
style, (ii) preserves termination, and (iii) is asymptotically more efficient than the 
original program TreeSum. Our derivation begins by introducing the following new 
clause: 

10. gen_ts(T,Y,Z,G,C,D) ^ treesum(T,X), (G = (plus(X , Y , Z), C)), D 
We unfold clause 10 and we get: 

11. gen_ts(l(N),Y,Z,G,G,D) ^ (G = (plus(N,Y,Z),C)), D 

12. gen_ts(t(L, R), Y,Z, G, G,D) ^ treesum(L, LS), treesum(R, RS), 

plus(LS,RS,S), (G=(plus(S,Y,Z),C)), D 
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Now we may exploit the following generalized associativity law for plus: 

TreeSum h yV {{plus{Xl, X2, 1), g[plus{I , X3, S)]) ^ 
(plusiXl, J, S), g[plus{X2, X3, J)])) 

where V = {XI, X2, X3, S} U vars{g[.]) and {/, J} n vars{g[.]) = 0. By this law, 
from clause 12 we get the following clause: 

13. gen_ts{t{L, R), Y,Z, G, C,D) <— treesum{L, LS), treesum{R, RS), 

plusiLS,Sl,Z), {G = {plus{RS,Y,Sl),C)), D 

By introducing and rearranging goal equalities (see laws 2.1 and 2.2 in Sectional), 
we transform clause 13 into: 

14. gen_ts{t{L,R),Y,Z,G,C,D) ^ 

treesum{L,LS), {GL^ {plus{LS , SI, Z), G^GR, D)), 
treesum{R,RS), {GR^ {plus{RS , Y , SI), G)), GL 

In order to derive clauses in continuation passing style we introduce the following 

new definitions: 

15. ts_c{T,N,G) ^ treesum{T,N), G 

16. plus_c{X,Y,Z,G) ^ plus{X,Y,Z), G 

By unfolding clauses 15 and 16 we get: 

17. ts_c{l{N),N,G) G 

18. ts_c{t{L,R),N,G) ^ treesum{L,LN), treesum{R, RN), 

plus{LN,RN,N), G 

19. plus_c{0,X,X,G) ^ G 

20. plus_c{s{X),Y,s{Z),G) ^ plus{X,Y,Z), G 

By introducing and rearranging goal equalities, we transform clause 18 into: 

21. ts_c{t{L, R),N, G) <- treesum{L, LN), {G = {plus{LN , RN, N), G)), 

treesum(R, RN), G 

By folding steps and goal replacements (based on, among others, the replacement 
law TreeSum h V((X = Y), G ^ eq_c{X , Y, G))), we get the following final 
program TreeSum2: 

22. treesum{T, N) ^ ts_c{ T,N, true) 

18. ts_c{l{N),N ,G) ^ G 

23. ts_c{t{L, R),N, G) ^ gen_ts{L, RN, N, G, G, ts_c{R, RN, G)) 

24. gen_ts{l{N), Y, Z, G, G, D) ^ eq_c{G, plus_c{N , Y, Z, G), D) 

25. gen_ts{t{L, R), Y, Z, G, G, D) ^ gen_ts{L, SI, Z, GL, eq_c{G, GR, D), 

gen_ts{R, Y, SI, GR, G, GL)) 

19. plus_c{0,X,X,G) ^ G 

20. plus_c{s{X), Y, s{Z), G) ^ plus_c{X, Y, Z, G) 

This final program TreeSum2 is more efficient than TreeSum. Indeed, in the worst 
case, TreeSum2 takes 0{n) steps for solving a goal of the form treesum{t, N), where 
i is a ground tree and s" (0) is the sum of the labels of the leaves of t, while the initial 
program Tree5'um takes 0(v?) steps. Moreover, by our Theorem^of Sectional for 
every goal g of the form treesum{ti, t2), where ti and t2 are any terms, g terminates 
in TreeSum iff g terminates in TreeSum2 (see also Section Wl^ . 
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7.3 Matching a Regular Expression 

Let us consider the following matching problem: given a string S in {0, 1,2}*, we 
want to find the position N of an occurrence of a substring P of 5 such that P 
is generated by the regular expression 0*1. The following program RegExprMatch 
computes such a position: 

1. match{S,N) ^ pattern{S), N^O 

2. match{[C\S],N) ^ char{C), match{S,M), plus{s{0),M,N) 

3. pattern{[0\S]) ^ pattern{S) 

4. pattem{[l\S]) ^ 

5. char{0) 

6. char{l) ^ 

7. char{2) ^ 

8. plus{Q,X,X)^ 

9. plus{s{X), Y, s{Z)) ^ plus{X, Y, Z) 

If we assume the depth-first, left-to-right evaluation strategy of Prolog, the running 
time of this program RegExprMatch is 0{n^) in the worst case, where n is the 
length of the input string. For a goal of the form match{s, N), where s is a ground 
string made out of n O's, the program RegExprMatch performs one resolution step 
using clause 1 for the call to match, and then n resolution steps using clause 3 for 
the successive calls to pattern. When the computation backtracks, for the successive 
call of match{sl, N), where si is the tail of s, the program RegExprMatch performs 
again n — 1 resolution steps using clause 3. 

By using the transformation rules of Sectional we now present the derivation of 
a new program RegExprMatchl which: (i) is in continuation passing style, (ii) pre- 
serves termination, and (iii) is asymptotically more efficient than the original pro- 
gram RegExprMatch. Indeed, program RegExprMatchl avoids the redundant res- 
olution steps performed by RegExprMatch using clause 3. For our derivation we 
introduce the following new predicates with goal arguments which are continua- 
tions: 

10. match_c{S, N, C) ^ match{S, N), C 

11. newp{S,N, CI, C2) ^ {pattern{S), CI) V {match{S,N), C2) 

12. plus_c{X,Y ,Z,C) ^ plus{X,Y ,Z), C 

By unfolding clauses 10, 11, and 12 we get: 

13. match_c{[Q\S], N , C) ^ {pattern{S), N = 0, C) V 

{match{S,M),plus{s{0),M,N), C) 

14. match_c{[l\S], N , C) ^ (7V = 0, C) V 

{match{S,M),plus{s{0),M,N), C) 

15. match_c{[2\S], N , C) ^ match{S , M), plus{s{0), M , N), C 

16. newp{[Q\Si N , CI, C2) {pattern{S), CI) V 

{pattern{S),N = Q, C2) V 
{matches, M),plus{s{0),M,N), C2) 
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17. newp[[l\S], N, CI, C2) ^ CI V 

(7V = 0, C2) V 

{match{S, M), plus{s{0), M, N), C2) 

18. newp{[2\S], N , CI, C2) ^ match{S , M), plus{s{0), M , N), C2 

19. p/iis_c(0,X,X, C) ^ C 

20. p/Ms_c(s(x), y,s(z),c) ^pks(x, c 

By goal replacement using boolean laws, from clause 16 we get: 

21. newp{[0\S],N,Cl,C2) ^ {pattern{S), {CI V (7V = 0, C2))) V 

{match{S,M),plus{s{0),M,N), C2) 

By performing folding and goal replacement steps (based on the replacement law 
RegExprMatch h V((X = F), C eq_c{X, Y, C)) and other laws), we derive 

the following program RegExprMatchl: 

22. match{S , N) ^ match_c{S , N , true) 

23. match_c{[0\S],N, C) ^ newp{S,M, eq_c{N,0, C), pZws_c(s(0), M, TV , C)) 

24. mate/i_c([l|5],Af, C) ^ eg_c(7V,0, C) 

25. mote/i_c([l|5], Af, C) ^ match_c{S, M, plus_c{s{0), M, N, C)) 

26. match_c{[2\S],N, C) ^ match_c{S, M, plus_c{s{0), M, TV, C)) 

27. «ewp([0|5],Af, CI, C2) 

newp(5,M, (CI V eq_c{N,0, C2)),plus_c{s{Q), M , N , C2)) 

28. newp{[l\SiN,Cl,C2) ^ CI 

29. «ewp([l|S'], Af, CI, C2) ^ eg_c(7V, 0, C2) 

30. newp{[l\Si N , CI, C2) ^ match_c{S, M, p/Ms_c(s(0), M, A^, C2)) 

31. newp{[2\S],N, CI, C2) ^ match_c{S , M , plus_c{s{Q) , M , N , C2)) 
19. p;m,s_c(0,X,X, C) ^ C 

32. plus_c{s{X), Y, s(Z), C) ^ plus_c{X, Y, Z, C) 

This program RegExprMatchl is in continuation passing style, avoids redundant 
calls in case of backtracking, and takes 0{n) resolution steps in the worst case, 
to find an occurrence of a substring of the form 0*1, where n is the length of the 
input string. Moreover, by our Theorem^of Section|3 for every goal g of the form 
match{ti, t2), where ti and t2 are any terms, g terminates in RegExprMatch iff g 
terminates in RegExprMatchl (see also Section I73|) . 



7.4 Marking maximal elements 

Let us consider the following marking problem. We are given: (i) a list LI of the 
form [xq, . . . ,Xr], where for j = 0, . . . , r, Xi is a list of integers, and (ii) an integer n 
(> 0). A list / of s + 1 elements will also be denoted by [l[0], ■ ■ ■ , l[s]]- We assume 
that for z = 0, . . . , r, the list Xi has at least n + 1 elements (and thus, the element 
Xi[n\ exists) and we denote by 771 the maximum element of the set {a;o[n], . . . , 
From the list LI we want to compute a new list L2 of the form [yo, . . . , yr] such 
that, for i = 0, . . . , r, if Xi[n] = m then yi[n] = T else yi[n] = Xi[n]. 

For instance, if LI = [[3,8,-2,4], [1,3], [1,8,1]] and n — 1, then m — 8, that is, 
the maximum element in {8, 3}. Thus, L2 = [[3, T, 2, 4], [1, 3], [1, T, 1]]. 



Transformations of Logic Programs with Goals as Arguments 37 



The following program MaxMark computes the desired list L2 from the list LI 
and the value A^: 

1. mmark{N,Ll,L2) ^ max_nth{N,Ll,0,M), mark{N , M , LI, L2) 

2. max_nth{N,[\,M,M) ^ 

3. max_nth{N,[X\Xs],A,M) ^ nth{N,X,XN), max{A,XN,B), 

max_nth{N, Xs, B, M) 

4. nth{Q,[H\T],H) 

5. nth{s{N),[H\T],E) ^ nth{N,T,E) 

6. mark{N, M, [],[]) 

7. mark{N,M,[X\Xs],[Y\Ys]) ^ mark_nth{N , M , X , Y), 

mark{N, M,Xs, Ys) 

8. mark_nth{0,M, [H1\T], [H2\T]) ^ {M = H1,H2 = T) V {M HI, H2 = HI) 

9. mark_nth{s{N), M , [H\T1], [H\T2]) ^ mark_nth{N , M , Tl, T2) 

10. max{X, Y,X)'^ X> Y 

11. max{X, Y,Y) ^ X <Y 

When running this program, the input list L\ — [xq, . . . , Xr] is traversed twice: (i) the 
first time LI is traversed to compute the maximum m of the set {a;o[^^], . . . ,Xr[nW 
(see the goal max_nth{N , LI, 0, M) in the body of clause 1), and (ii) the second time 
LI is traversed to construct the list L2 by replacing, for i = 0, . . . , r, the element 
Xi[n\ by T whenever Xi[n\ = m (see the goal mark{N, M, LI, L2)). 

Now we use the transformation rules of Section and from program MaxMark 
we derive a new program MaxMark! which: (i) is in continuation passing style, 
(ii) preserves termination, and (iii) traverses the list L\ only once. 

By the definition introduction rule we introduce the following new predicates 
with goal arguments: 

12. newpl{N, LI, L2, A, M, G, CI, G2) ^ 

max_nth{N,Ll,A,M), {G ^{mark{N , M , LI, L2), CI)), C2 

13. newp2{N, X, M, Y, A, B, CI, C2, C) ^ 

nth{N,X,XN), {Gl = {mark_nth{N ,M,X, Y),G2)), 
max{A,XN,B), C 

14. max_c{X,Y,Z,C) ^ max{X,Y,Z), C 

We unfold clauses 12, 13, and 14, and then we move leftwards term equalities (see 
law 3 in Section[5l which allows us to rearrange term equalities). We get the following 
clauses: 

15. newpl{N, [], [], M, M, CI, CI, C2) C2 

16. newpl{N, [X\Xs], [Y\ Ys], A, M, G, CI, C2) ^ 

nth{N ,X,XN), max{A,XN,B), max_nth{N , Xs, B , M), 
{G = {mark_nth{N,M,X,Y), mark{N , M , Xs, Ys), CI)), 
G2 

17. newv2{0,[Hl\T],M,[H2\T],A,B,Gl,G2,C) ^ 

[Gl^ {{{M = HI, H2^T) y {M ^ HI, H2 = HI)), G2)), 
max{A,Hl,B), C 
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18. newp2{s{N), [H\ Tl], M, [H\ T2],A, B, Gl, G2, C) ^ 

nth{N, T1,XN), {Gl = {mark_nth{N,M, Tl, T2), G2)), 
max{A,XN,B), C 

19. max_c{X, Y,X,C) ^ X>Y, C 

20. max_ciX, Y,Y,C) ^ X<Y, C 

By introducing and rearranging goal equalities, from clause 16 we get: 

21. newpl{N, [X\Xs], [Y\ Ys], A, M, G, CI, C2) 

nth{N,X,XN), {Gl = {mark_nth{N,M,X,Y), G2)), 
max{A, XN, B), 

max_nth{N,Xs,B,M), {G2 = {mark{N , M , Xs, Ys), CI)), 
(G=G1), G2 

Finally, by folding steps and goal replacements based on the replacement laws for 
the primitive predicates —, ^, >, and <, we derive the following final program 
MaxMarkl: 

22. mmark{N, LI, L2) ^ newpl{N , LI, L2, 0, M, G, true, G) 
15. newpl{N, [], [], M, M, Gl, Gl, G2) ^ G2 

23. newpliN, [X\Xs], [Y\ Ys],A, M, G, Gl, G2) ^ 

newp2{N, X, M, Y, A, B, Gl, G2), 

newpl{N, Xs, Ys, B, M, G2, Gl, eq_c{G, Gl, C2))) 

24. newp2{0,[Hl\T], M ,[H2\T], A, B, Gl, G2, C) ^ 

eg_c(Gl, {eq_c{M,Hl, eq_c{H2,T, G2))V 

diff_c{M, HI, eq_c{H2, HI, G2))), 
max_c{A,Hl,B, G)) 

25. newp2{s{N),[H\Tl], M,[H\T2], A, B, Gl, G2, C) ^ 

newp2{N, Tl, M, T2, A, B, Gl, G2, G) 

26. max_ciX, Y, X, G) ^ geq_c{X, Y, C) 

27. max_c{X, Y, Y, G) ^ lt_c{X , Y, C) 

This final program MaxMarkl is in continuation passing style and traverses the 
input list LI only once. Moreover, by our Theorem ^ of Sectional for every goal g 
of the form mmark{ti, t2, t^), where ti, t2, and ^3 are any terms, if g terminates in 
MaxMark then g terminates in MaxMarkl (see also Section IT^Kll . 



7.5 Correctness of the Program Derivations 

Let us briefly comment on the correctness properties of the program derivations we 
have presented in this Section 

In all program derivations of Section Q when using the transformation rules, we 
have complied with the restrictions indicated at Point (1) of Theorem El (Weak 
Correctness). Thus, for every program derivation from an initial program Pq to a 
final program Pk , we have that Pk is a refinement of Pq U Dejk , where Dejk is the 
set of definitions introduced during the derivation. In particular, for every ordinary 
goal g, if g terminates in Pq, then g terminates in Pk and the most general answer 
substitutions for g computed by Pq are the same as those computed by Pk- 

In the examples of Sections 17.11 17.21 and 17.31 we have also complied with the 
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restrictions of Point (2) of Theorem[5] (Strong Correctness), because all applications 
of the goal replacement rule are based on strong replacement laws. Thus, in these 
examples we have that Pk is equivalent to PoUDefk- In particular, for every ordinary 
goal g, if g terminates in Pk then g terminates in Pq U Defk- 

However, in the derivation of Section 17.41 we have not complied with the restric- 
tions of Point (2) of Theorem 121 In particular, after unfolding clauses 12, 13, and 
14, we have made leftward moves of term equalities by using law 3 of Section (Sj 
and law 3 is not a strong replacement law. Thus, there may be an ordinary goal 
which does not terminate in the initial program MaxMark and terminates in the 
final program MaxMarkl. Indeed, the goal mmark(0, [H\T], []) does not terminate 
in MaxMark and terminates in MaxMarkl. 

Finally, in all program derivations of this Section Q we have complied with the 
restrictions of Theorem|3 (Preservation of Safety), because all replacement laws we 
have applied preserve safety. Thus, since every ordinary goal is safe in the ordinary 
initial program Pq, we have that every ordinary goal is safe in the final program Pk- 

7.6 Experimental Results 

In Table^below we have reported the speed-ups achieved in the examples presented 
in this paper. The speed-up (see Column D) is defined as the ratio between the run- 
time of the initial program (see Column A) and the run-time of the derived, final 
program (see Column B). In Columns A and B we have also indicated the asymp- 
totic worst-case time complexity of the initial and final programs, respectively. For 
each program the complexity is measured in terms of the size of the proofs relative 
to that program (or, equivalently, the number of LD-resolution steps performed 
using that program). The input goal is indicated in Column C. We performed our 
measurements by using BinProlog on a SUN workstation. This use is justified by 
the fact that every ordinary goal g is safe both in the initial program Pq and in 
the final program Pk- Thus, we can use any Prolog system which implements LD- 
resolution (and, in particular, the BinProlog system) for computing the relations 
Pq ^ 9 ^ A and Pk \~ g ^ A defined by our operational semantics. 
In Column C of Table we have that: 

(1) ti is a random binary tree with 100,000 nodes; 

(2) t2 is a random binary tree with 100,000 nodes; 

(3) t^ is a random binary tree with 20,000 nodes and each node is labeled by a 
numeral of the form 5*^(0), where 0<A;<500; 

(4) t4 is a random binary tree with 20,000 nodes whose leaves are labeled by nu- 
merals of the form s'^(O), where 0<fc<500; 

(5) s is a random sequence of integers of the form: {0, 2}^°"°"l; and 

(6) ui is 700, h is a random list of 1000 lists, and each of these lists consists of 800 
integers. 

When measuring the speed-ups for the programs Deepest and DeepestOr in 
Rows 1 and 2 we have computed the set of all answer substitutions, while for 
the programs Flip Check, TreeSum, RegExprMatch, and MaxMark in Rows 3-6 we 
have computed one answer substitution only. 
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Table 1. Speed-ups of the Final Programs with respect to the Initial Programs 



A. Initial Program: B. Final Program; C. Input goal D. Speed-up:" 

run-time (A) 

Asymptotic Complexity Asymptotic Complexity run timc(B) 



1. Deepest : 0{n^)° Deepesi2 : 0{n) deepest {tx,N) 5.2 

2. DeepestOr : 0{n^)^ Deepesi2 : 0{n) deepest{t2,N) 2.7 

2,. Flip Check : 0{n)'^ Flip Check! : 0{n) flipcheck{t3,T) 1.0 

4. TreeSum : 0{n^)^ TreeSum2: 0{n) treesum{t4,N) 9.2 

5. RegExprMatch : 0{n'^}f RegExprMatchl : 0{n) match{s,N) 1.8 

6. MaxMark : 0{n)9 MaxMarkl : 0{n) mmark(ni,h,L2) 1.8 



run-time (A) denotes the run-time of the program in Column A for the input goal in Column C. 
run-time(B) denotes the run-time of the program in Column B for the input goal in Column C. 
n is the number of nodes of the tree ti . 
n is the number of nodes of the tree t2 ■ 

n is the number of nodes of the tree t^. For the goal flipcheck{t:j,T), the program FlipCheck 
visits the tree t-j twice, while the program FlipCheck2 visits (3 only once. 

^ n is the sum of the leaves of the tree t^. 
n is the length of the string s. 

3 n is the sum of the lengths of the lists in Zi . 

As already mentioned at the end of Section |21 the value of the speed-up relative 
to the initial program Deepest (see Row 1) is higher than the value of the speed-up 
relative to the initial program DeepestOr (see Row 2), and this is not due to the use 
of goals as arguments, but to the introduction of a disjunction, thereby clauses 2 
and 3 have been replaced by clause 16. 

The absence of speed-up for the final program FlipCheck2 (see Row 3) with re- 
spect to the initial program FlipCheck, is caused by the fact that the efficiency 
improvements due to the elimination of the double traversal of the input tree t^ 
are cancelled out by the slowdown due to the introduction of multiple continua- 
tion arguments. However, the experimental results for the initial program MaxMark 
and the final program MaxMarkl (see Row 6) show that the elimination of double 
traversals of data structures may yield a significant speed-up, especially when the 
access to the data structure is very costly. Recall that the program MaxMark tra- 
verses twice the list h, and for each list I in the list li, the program has to access 
ni elements of I. We have verified that the speed-up obtained by eliminating the 
double traversal of h increases with the value of rii. 

8 Final Remarks and Related Work 

We have shown that a simple extension of logic programming, where variables may 
range over goals and goals may appear as arguments of predicate symbols, can be 
very useful for transforming programs and improving their efficiency. 

We have presented a set of transformation rules for our extended logic language 
and we have shown their correctness with respect to the operational semantics 
given in Section 01 In particular, in Section El we have shown that, under suit- 
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able conditions, our transformation rules preserve termination (see Theorem 0, 
most general answer substitutions (see Theorem ^J, and safety (see Theorem Ol. 
As in IjBossi and Cocco 1994|) . for our logic programs we consider an operational 
semantics based on universal termination (that is, the operational semantics of 
a goal is defined iff all LD-derivations starting from that goal are finite). Theo- 
rem 12 extends the results presented in l|Bossi and Cocco 1994|l for definite logic 
programs in that: (i) our language is an extension of definite logic programs, and 
(ii) our folding rule is more powerful. Indeed, even restricting ourselves to pro- 
grams that do not contain goal variables and goal arguments, we allow folding 
steps which use clauses whose bodies contain disjunctions, and this is not possible 
in l|Bossi and Cocco 1994|l . where for applying the folding rule one is required to 
use exactly one clause whose body is a conjunction of atoms. However, one should 
notice that the transformations presented in l|Bossi and Cocco 199411 preserve all 
computed answer substitutions, while ours preserve the most general answer sub- 
stitutions only. 

Our logic language has some higher order capabilities because goals may occur as 
arguments, but these capabilities are limited by the fact that the quantification of 
function or predicate variables is not allowed. However, the objective of this paper 
is not the design of a new higher order logic language, such as the ones presented 
in IjChen et al. 19931 |Hill and Gallagher 1998|lNadathur and Miller 1998|l . Rather, 
our aim was to demonstrate the usefulness of some higher order constructs for 
deriving efficient logic programs by transformation. Indeed, we have shown that 
variables which range over goals are useful in the context of program transformation. 
Moreover, the use of these variables may avoid the need for goal rearrangements 
which could generate programs that do not preserve termination. 

The approach we have proposed in this paper for avoiding incorrect goal re- 
arrangements, is complementary to the approach described in IjBossi et al. 1996)l . 
where the authors give sufhcient conditions for goal rearrangements to preserve left 
termination. (Recall that a program P is said to be left terminating iff all ground 
goals universally terminate in P.) Thus, when these sufficient conditions are not 
met or their validity cannot be proved, one may apply our technique which avoids 
incorrect goal rearrangements by the introduction and the rearrangement of goal 
equalities. Indeed, we have proved that the application of our technique preserves 
universal termination, and thus, it preserves left termination as well. 

The theory we have presented may also be used to give sound semantic foun- 
dations to the development of logic programs which use higher order generaliza- 
tions and continuations. In l|Pettorossi and Pro ietti 19971 |Tarau and Boyer 1990| ) 
and l|Pettorossi and Skowron 1987.; .Wand 1980 ) the reader may find some examples 
of use of these techniques in the case of logic and functional programs, respectively. 

We leave for future work the development of suitable strategies for directing the 
use of the transformation rules we have proposed in this paper. 
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Appendix 

This Appendix contains: 

(i) Proposition 2] and its proof, 

(ii) the proofs of Lemmata ^ |3 and 0] (based on Propositions |21 and ^J, 

(iii) Lemmata 121 and Eland their proofs (based on Proposition ^J, and 

(iv) the proofs of the main results, that is, (iv.l) the proof of Theorem ^ (based 
on Proposition 131 Lemmata ^ [51 and^J, (iv.2) the proof of Theorem (21 (based 
on Proposition n and Theorem Q}, and (iv.3) the proof of Theorem (based on 
Lemmata and EJ . 

For the proofs of Proposition and Lemma^given below, we need the following 
definition. 

Definition 8 {Size and ^-measure of a Deduction Tree) 

Let T be a finite deduction tree. The size of r is the number of its nodes, and the 
li-measure of r, denoted /^(r), is the pair (m, s), where m is the depth of r and s 
is the size of t. 

The values of the /x-measure can be lexicographically ordered, and we stipulate 
that: (mi,si) < (7712,52) iff either mi < 7712 or (7711 = 7712 and si<,S2)- 

Proposition 4 

Let P be a program, gi, §2 be goals and let be a set of variables. 

(i) P \- W {gi — > 32) holds iff for every idempotent substitution d such that 
vars{'&) n vars{gi, §2) C V, for every goal g such that vars{g) fl vars{gi, g2) C V, 
and for every b G {true, false}, we have that: 

if F h ((711? Ag) lb then P h {g2^ A g) I b. 

(ii) P h yv{gi 52) holds iff for every idempotent substitution t? such that 
varsi-d) fl vars{gi, g2) C V, for every goal g such that vars{g) fl vars{gi, g2) C V, 
and for every b £ {true, false}, we have that: 

if F h (gii9 A g) im b then P h {g2i} A g) l„ b and m> n. 

(iii) The following two properties are equivalent: 

(iii.l) for every goal context such that vars{h[_]) n vars{gi, (72) ^ V , 
if h[gi\ is safe in P then h[g2\ is safe in P, and 
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(iii.2) for every idempotent substitution such that vars{'d) D vars{gi, g2) Q V and 
for every goal g such that vars{g) n vars{gi, g2) Q V, 
if gii) A 5 is safe in P then g2'd A g is safe in P. 

Proof of Proposition ^ 

(i) only-if part. Let us consider an idempotent substitution d such that vars{'d) D 
vars{gi, g2) Q V. Let d be {C/i/mi,..., Uk/uk}. Since d is idempotent we have 
that for i ~ I, . . . ,k, Ui ^ Ui. Assume that for every goal g such that vars{g) D 
vars{gi, g2) C V, and for every 6 S {true, false}, there exists Ai £ V{Suhst) such 
that P h (gii? A (7) I— > ^1. We have to show that there exists A2 G V{Suhst) such 
that P h {g2-& Ag) ^ ^2 and ^i = iff via = 0- 

By suitably renaming the variables of the goal gi, without loss of generality we 
may assume that, for i — 1, . . . ,k, Ui ^ vars{g). Since 'd is idempotent, by using 
rules {teq2) and (geq) we may construct a proof of P h Ui = ui A . . . A Uk = UkA 

91 A g ^ Bi, where Bi = [do Ai). By the hypothesis that P h yv{gi — > 32) holds 
and the hypotheses that varsii)) fl vars{gi, (^2) Q V and vars{g) fl vars{gi, 32) C V, 
we have that there exists B2 £ P{Subst) such that P h f/i = ui A . . . A f/fc = w^A 

92 A g ^ B2 has a proof and Pi = iff P2 = 0- The only way of constructing 
this proof is by using k times the rules {teq2) or (geq) and constructing a proof of 
Ph g2^ Ag^ A2, where B2 = {doA2). Thus, Ai=^ iff Pi =0 iff P2 = iff ^2 = 0- 
(i) i/part. We show a slightly more general fact than the i/part of (i). We assume 
that for every idempotent substitution d such that vars{^) n vars{gi, (72) ^ 1^, and 
for every goal g such that vars{g) fl vars{gi, 52) ^ 1/, if there exists ^1 G 'P{Suhst) 
such that P h [gid A 9) ^ Ai, then there exists A2 G V{Suhst) such that P h 
(32^? A g) i-^ A2 and ^1 = iff ^42 = 0. Then we show that, for every goal context 
h[J\ and substitution ■& such that vars(h[J\'d) n vars{gi, g2) C ]/, 

if there exists Pi £ V{Suhst) such that P h /i[(7i]i? 1-^ Pi 
then there exists P2 G V{Suhst) such that P \- h[g2\i^ ^ P2 
and Pi=0 iff P2=0. 

We prove our thesis by induction on the measure /z(7r) (see Definition |SJ) of the 
proof TT of P h h[gi\'d ^ Pi (recall that a proof is a particular finite deduction 
tree). We reason by cases on the structure of the goal context h[J\. We consider the 
following four cases only. The others are similar and we omit them. 

- Case 1: h[J\ is _ A 53. 

Assume that P h gidAgsd 1-^ Pi. Then, by hypothesis, we get: P h g2'dAg^'d ^ B2 
for some P2 G ViSuhst) such that Pi = iflF P2 = 0. 

- Case 2: is ii^fe A 53[_]. 

Assume that there exists a proof tti of P h ti'd~t2d A g'i\gi]d ^ Bi. 

If tid and t2'd are not unifiable then, by rule {teql). Pi is and there exists a proof 

of P h tid^t2d Ag3.[g2\^^%. 

If ti?? and t2'd are unifiable then, by rule {teq2). Pi is of the form {mgu{tid, t2'd)oCi) 
for some Ci G P{Subst) and there exists a proof 7r2 of P h 33[(?i]i? mgu{tid, t2'd) ^ 
Ci. Since /x(7r2) < /x(7ri), by induction hypothesis P h g^[g2]'d mguitii) , t2'd) t-^ C2 
has a proof for some C2 G V{Suhst) and Ci = iff C2 = 0. Thus, by rule {teq2). 
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there exists B2 G V{Suhst) such that P h ti-d = t2"& A 53 [52]^^ *■ where B2 = 
mgu{tid, t2d) o C2 and 5i = iff Ci = iff C2 = iff -82=0. 

- Case 3: is {G = gi[J^) A 5-4. 

Assunie that P h ((G = .93[.9i]) A 54)1? 1— > i?i has a proof of depth m and size s. 
Then, G'd is a goal variable not occurring in gz[gi\'d, the node P h (G'i? = 33[(7i]z?) A 
541? I— > Bi has been obtained by applying rule {geq), Bi is {G'd / gz[gi]'d} o Ci for 
some Ci e 'P{Subst), and P h 5'4i?{Gi?/5'3[5i]'!?} 1-^ Ci has a proof of depth 
m and size s — 1. Now, suppose that Gi? occurs in 941? n times. Thus, also 91 
will occur n times in gA'dlG-d/ g^lgij-d}. Since (m,s — 1) < {m,s), by applying the 
induction hypothesis n times, we have that there exists C2 S V{Subst) such that 
P h .94t?{G'!?/53[£/2]t^} ^ G2 has a proof and Gi = iff G2 = 0. By using rule 
(geq), we can construct a proof of P h GS = ,93[32]i^ A 34 i?2, where P2 is 
{Gt^/33[52]i?}oG2. Thus, Bi=0 iff Gi=0 iff G2 = iff P2 = 0- 

- Case 4: is p{ui, . . . , . . . , Wfc) A 33. 

Assume that P h p{uid, . . . , . . . , itfci9) A g^d Pi has a proof of depth m 

and size s. Then, in the last step of this proof rule [at] has been used, Bi is of 
the form Gi \ vars{p{ui'd , . . . , Ui[gi]'d, . . . , Uk'd) A g^-d) for some Gi G V{Subst), and 
P h hody{U\/ui'd, . . . , Ui/ui[gi\'&, . . . , Uk/uk'd} A ^s^i? Gi has a proof of depth 
m — 1 and size s — 1, where p{Ui, . . . , Ui,. . . , Uk) <— body is a renamed apart clause 
of P. Since (tti — 1,5 — 1) < {m,s), by induction hypothesis we have that there 
exists G2 e V{Subst) such that P h 6orf?/{ Ui/uii), . . . , f/j/Mi[52]t^, • • • , Uk/uk'd} A 
531? I— »• G2 has a proof and Gi = iff G2 = 0. Thus, by using rule {at), we can 
construct a proof of P h p{ui'd, . . . , Ui[g2]'d, ■ ■ ■ , Uk'd) A .93"!? 1-^ B2, where P2 is 
G2 \ vars{p{ui'd, u^[g2]'d, . • • , Uk^) A gs'd) and Pi = iff Gi = iff G2 = iff 

P2 = 0. 

(ii) The proof is similar to the one of (i) and we omit it. 

(iii) Suppose that (iii.l) holds and suppose also that ■(? is an idempotent substitution 
such that vars{d)nvars(gi, 52) ^ V, (7 is a goal such that vars(g)C\vars{g\, g2) C V, 
and gi'd A g is safe in P. We have to prove that g2'd A g is safe in P. 

Suppose that g2'& A g is not safe in P. Then there exist A G V{Subst) and a 
deduction tree ri for P h 921? A .9 j4 such that a leaf of ti is of the form 
P ^ 93 B and ,93 is stuck. Let •& be the substitution {Ui/ui, . . . , Uk/uk} such 
that, for i = 1,. . . ,k, Ui ^ Ui. Without loss of generality, we may assume that, 
iov i = 1, . . . ,k, Ui ^ vars{g). By using rules {tecft,) and (geq), we can construct 
a deduction tree T2 for P h C/i = 7ii A . . . A f/fc = Mfe A ^2 A .9 ^ such that 
T2 has P h 53 1-^ P at a leaf. Thus, J7i = mi A . . . A Uk = Uk A g2 A g is not 
safe in P. Since vars{'&) fl vars{g\,g2) C 1^ and vars{g) fl vars{gi,g2) C V^, we 
have that 'vars{Ui = mi A . . . A Uk = Uk A g) Ci vars{gi,g2) C F and, thus, by (iii.l) 
f/i = Mi A. . . A f/fc = Ufc A51 Ag is not safe in P. None of the goals Ui = ui, . . . , Uk = Uk 
is stuck and, thus, a descendant node of gi'd A g is stuck, that is, gi^ A g is not safe 
in P. 

The proof that (iii. 2) implies (iii.l) can be done by induction on deduction trees 
ordered by the /x-measure. We omit this proof. □ 
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Proof of Lemma^ 

Recall that, by definition, for every b e {true, false}, P g [m b means that there 
exists A G V{Subst) such that _P h 3 i-> ^ has a proof of depth m and b — true iff 
^47^0. We prove the thesis by induction on the /i- measure (see Definition |H1) of the 
proof of P h 3 I— » v4 which, by hypothesis, has depth m and size s. 
Our induction hypothesis is that, for all {ml, si) < (m, ,s), for all goals g, and for 
all Ai £ V{Subst), if F h g ^ Ai has a proof of depth ml and size si, then there 
exists Bi e V{Subst) such that NewP \- g 1^ Bi has a proof of depth nl, with 
ml > nl, and Ai=$ iff Bi = We have to show that there exists B e V{Subst) 
such that NewP \- g ^ B has a proof of depth n, with m > n, and j4 = iff 
B = We proceed by cases on the structure of g. We first notice that, since A is 
associative with neutral element true, the grammar for generating goals given in 
Section 2 can be replaced by the following one: 

g ::= G A gi \ true \ false A gi \ (ti = t2) A gi \ (31 =52) A 33 | 
p{ui, . . . , m™) A 31 I (gi V 32) A 33 

We consider the following two cases only. The others are similar and we omit them. 

- Case 1: 5 is (51 = 52) A53. Assume that P f- ((/i = (72) A (73 i—> ^4 has a proof of depth 
m and size s. Then, gi is a goal variable, say G, G ^ vars{g2), P h {G ~ g2) A g^ ^ 
A has been derived by applying rule {geq), and there exists Ai £ V{Suhst) such 
that A = {{G / g2} o ^1) and P h g-i{G / g2} ^ Ai has a proof of depth m and size 
s — 1. Since (m, s — 1) < {m, s), by induction hypothesis there exists Bi G V{Subst) 
such that NewP h 53 {(5/(72} ^ i?i has a proof of depth with m > n and 
^1 = iff Si = 0. By rule [geq), we have that NewP h (G = 32) A 33 1-^ P, where 
5 = ({(7/52}° Pi), has a proof of depth n with m > n. By the definition of the o 
operator, we have that .4 = iff ^1 = iff Pi = iff P = 0. 

- Case 2: g is p{ui, . . . , A 31. Assume that P h p(mi, . . . , Um) A 31 t— > ^ has 
a proof of depth m and size s. Then, P h p{ui, . . . , Um) A gi A has been 
derived by using rule (at), and there exists Ai e V{Subst) such that ^ = (j4i \ 
vars{p{ui, . . . , Mj;) A gi)) and P h 6(ir{ Vi/ui, . . . , Vm/ Um} A gi 1-^ Ai has a proof 
of depth m — 1 and size s — 1, where p{Vi,..., Vm) ^ bdr is a renamed apart 
clause of P. Now, by the hypothesis that P h VFi, . . . , Vm {bdr newbdr), by 
the fact that vars{{ Vi/ui, . . . , Vm/ Mm}) H vars{bdr, newbdr) C { Fi, . . . , !/„} and 
vars{gi) fl vars{bdr, newbdr) ^ { T^i, ■ • ■ , V^m}, and by Proposition 0] (ii), we have 
that there exists j42 G 'P{Subst) such that P h newbdr{ Vi/ui, . . . , F™/ ^m} Af^i ^ 
A2 has a proof of depth nl and size si, with m — 1 > nl and ^1 = iff ^2 = 0- 
Since (nl,sl) < {m,s), by induction hypothesis there exists Pi £ V{Subst) such 
that NewP h ne^iiM^} ■ • ■ , ^m/wm} A gi ^ Pi has a proof of depth n2 
with nl > n2 and ^2 = iS^ Pi = 0- Since hdr is p{Vi, . . . , Vm), by using rule {at) 
we can construct a proof for NewP h p{ui, . . . , Um) A gi ^ B ol depth n = n2 + l 
where P = (Pi |" vars{p{ui, . . . , Uk) A .91)). Thus, m > n and, by the definition of 
the t operator, ^ = iff ^1 = iff ^2 ==0 iff Pi =0 iff P ==0- □ 

Proof of Lemma\^ 

(i) Let us consider the transformation sequence Pi, . . . , Pj. Let us also consider 
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any index h in {i, . . . ,j — 1} and any two clauses ci: /id <— bd in program Ph and 
C2 : ^ newbd in program P/^+i . Since Pi, . . . ,Pj is constructed by using the 
unfolding rule only, we have that: 

6d = . . . , and newbd ^ h[g{Vi/ ui, ... ,Vm/ Um}] 

for some clause p( Vi, . . . , Kn) 3 in Pi, some goal context and some m-tuple 
of arguments . . . , Um)- To prove this lemma we have to show that: 

P, V- 'iV{b[p{uu...,u^)\ i b[g{Vilui,...,V,n/u^}]) (a) 
where V = vars{hd). Now, for every clause p( Vi, . . . , Vm) ^ 9 vn Pi we have that: 

h VFi, . . . , y„ . . . , y„) ^ 5) 

From (/3), by Point (iv') of Proposition |2] we get: 

P, h VPF {p{uu Ura) ^ g{ Vi/Ui, . . . , F™/?/„J) (7) 

where W — vars{ui, ...,«„). From (7), by Point (i') of Proposition [3 we get: 
P, h yZ{b[p{uu...,Ura)] ^ b[g{Vi/ui,...,V^/u^}]) (6) 

where Z = vars{b[p(ui, . . . , Um)]). From ((5), by Points (ii') and (iii') of Proposi- 
tion |21 we get (a), as desired. 

(ii) In order to prove Point (ii) of the thesis, we first show the following property. 

Property (A): For every clause d: newp{Vi, . . . , V„i) ^ g in Defk which is used 
for folding during the construction of the sequence Pj , . . . , P^, we have that the 
replacement law Pj h VVi, . . . , Vm {newp{ Vi, . . . , Vm) ^— <?) holds. 
Property (A) is a consequence of the fact that during the sequence Pi, . . . ,Pj we 
have performed the parallel leftmost unfolding of every clause which is used for 
folding during P, , . . . , P^ . 

Now we prove Point (ii) of the thesis by cases with respect to the transformation 
rule which is used to derive program Ph+i from program P^, for h — j , . . . , k — 1. 

- Case 1: Ph+i is derived from Ph by the unfolding rule using a clause which is 
among those also used for folding (in a previous transformation step). The thesis 
follows from Property (A) and Points (i'), (ii'), (iii'), and (iv') of Proposition [51 

- Case 2: Ph+i is derived from Ph by the unfolding rule using a clause c which 
is not among those used for folding. Thus, c belongs to Pq because the only way 
of introducing in the body of a clause an occurrence of a non-primitive predicate 
which is not defined in Pq, is by an application of the folding rule. Hence, c belongs 
to Pj as well. Now, for every clause c of the form: p{Vi, . . . , Vm) ^ in Pj we 
have that: 

p, h yvi,...,Vmip{Vi,...,Vm) ^ 9) 

The thesis follows from Property (A) and Points (i'), (ii'), (iii'), and (iv') of Propo- 
sition |21 

- Case 3: P^+i is derived from P/^ by the folding rule. The thesis follows from 
Property (A) and Points (i'), (ii'), (iii'), and (iv') of Proposition |2 

- Case 4: Ph^i is derived from P^ by the goal replacement rule based on a replace- 
ment law of the form Pq h VV^ (51 ^> g-i). The thesis follows from Points (i'), (ii'). 
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and (iii') of Proposition[21and the fact that also Pj h V V{gi ^—>- 32) holds, because 
the non-primitive predicates of {<?i, 52} are defined in Pq, and for each predicate p 
defined in Pq, the definition of p in Pq is equal to the definition of p in Pj. □ 

Proof of Lemma\^ 

We assume that there exists A e V{Suhst) such that NewP \- g 1-^ A has a proof 
of size n. We have to show that there exists B G V{Suhst) such that P \- g ^ B 
holds, and ^ = iff B — %. We proceed by induction on n. We assume that, for all 
m < n, for all goals h, and for all Ai e ViSubst), if NewP h h 1-^ Ai has a proof 
of size m, then P \- h ^ Bi has a proof for some i?i G V{Suhst) such that j4i =0 
iff Si =0. Now we proceed by cases on the structure of g. We consider the following 
two cases. The other cases are similar and we omit them. 

- Case 1: g is {gi — 32) A g^. Assume that NewP h {gi = 32) A (^3 1-^ A has a 
proof of size n. Then, gi is a goal variable, say G, G ^ vars{g2), and NewP h 
[G = g2) /\ gs ^ A has been derived by applying rule {geq). Thus, there exists 
Ai G V{Suhst) such that A is ({G'/c/2} o ^1) and NewP h gz{G / g2} ^ Ai has a 
proof of size n — 1. By induction hypothesis there exists Bi G V{Suhst) such that 
-P ^~ 33{G'/52} 5i has a proof and ^1 = iff 5i = 0. By using rule [geq), we 
can construct a proof of P h ( G = 32 ) A 33 ^ i? where S is {G / g2] o Bi. By the 
definition of the o operator, we have that A^% iff ^i = iff Bi =0 iff 5 = 0. 

- Case 2: g is p{ui, . . . , Um)/\gi- Assume that NewP h . . . , Um)f\gi ^ A has a 
proof of size n. Then, NewP h , . . . , Um)f\ gi ^ A has been derived by applying 
rule (ai), and there exists a proof of size n — 1 of NewP h newbdr{Vi/ ui, . . . , 
l^m/'itm} A (;i 1^ ^1 where p(yi, . . . , V,n) *~ newbdr is a renamed apart clause 
of NewP and j4 is (j4i \ vars{p{ui, . . . , Wfc) A gi)). By induction hypothesis there 
exists a proof of f h newbdr{ Vi/ui, . . . , Vm/wm} A 31 i?i such that ^1 = 
iff i?i = 0. Now, by the hypothesis that P h VFi, . . . , Vm {newbdr — > bdr), by 
the fact that vars{{ Vi/ ui, . . . , Vm/ Um}) H vars{bdr, newbdr) Q {Vi, . . . , Vm} and 
vars{gi)nvars{bdr, newbdr) C { y^, . . . , Vm}, and by Proposition2|(i), we have that 
P h Vi/ui, . . . , T^m/wm} A (^i ^ B2 has a proof for some B2 G V{Subst) such 
that i?i =0 iff i?2 =0. Since /idr is p{ Vi, . . . , l^m), by using rule (at) we can construct 
a proof for P h . . . , Mm) /\ gi^ B where B is (i?2 \ vars{p{ui, . . . , Ufc) A 51)). 
By the definition of the \ operator, we have that yl = iff y4i =0 iff Si = iff B2 =0 
iff 5 = 0. □ 

Proof of Lemma^ 

If Ph+i is derived from P/^ by the unfolding rule using a clause of the form 
p{Vi, . . . , Vm) ^ g in Pq U Defk, then the thesis follows from Points (i), (ii), (iii), 
and (iv) of Proposition [3 and the fact that the replacement law Pq U Def^ h 
VVi, . . . , Vm{g — > p{Vi, . . . , Vm)) holds. Similarly, if Ph+i is derived from Ph by 
the folding rule using a clause of the form newp{ Vi, . . . , Vm) <— 3 in Defk, then the 
thesis follows from Points (i), (ii), (iii), and (iv) of Proposition |21 and the fact that 
the replacement law Pq U Defk I" VFi, . . . , {newp{ V^i, . . . , Vm) — > g) holds. 
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Finally, if Ph+i is derived from Ph by the goal replacement rule, then the thesis fol- 
lows from the fact that it is based on a strong replacement law and from Points (i), 
(ii), and (iii) of Proposition [5] □ 

The following Lemma |S1 and Lemma El are necessary for proving that a transforma- 
tion sequence preserves safety (see Theorem 

Lemma 5 

Let P and NewP be programs of the form: 

P : hdi <— bdi NewP : hdi <— newbdi 

hdg ^ hdg hdg <— newbdg 

Suppose that for r — 1, . . . , s and for every goal context b[_] such that vars{b[_]) D 
vars{bdr, newbdr) C vars{hdr), we have that if is safe in P then b[newbdr] is 

safe in P. Then, for every goal g, if g is safe in P then g is safe in NewP. 



Proof of Lemma [3 

We assume that g is not safe in NewP and we prove that g is not safe in P. 
Since g is not safe in NewP, there exist A e V{Subst) and a deduction tree r for 
NewP h (7 j4 such that a leaf of r is of the form NewP h gstuck ^ B and 
the goal gstuck is stuck. We proceed by induction on the size of r. We consider the 
following two cases only. The others are similar and we omit them. 

- Case 1: g is [gi = 52) A 33. Assume that the deduction tree t for NewP h 
(31 = 52) A 53 t— > A has size s. If gi is not a goal variable or it is a goal variable 
occurring in 52, then (91 =32) A 33 is not safe in P. Otherwise, gi is a goal variable, 
say G, and G ^ vars{g2). Thus, NewP h (G = 32) A 33 1-^ ^ has been derived by 
applying rule {geq), and there exists Ai e 'P{Subst) such that: (a) the subtree n of 
r rooted at NewP h gz{G / g2\ ^ Ai has size s— 1, and (b) NewP h gstuck ^ B i& 
a leaf of ti. By induction hypothesis gz{G / g2\ is not safe in P and, by rule [geq), 
also (G = 52) A 53 is not safe in P. 

- Case 2: is . . . , Wm) A Assume that the deduction tree r for NewP h 

. . . , fi,„) A 51 1-+ ^ has size s. Thus, NewP V- p{ui,...,Um) A gi ^—^ A 
has been derived by using rule {at), and there exist A' £ ViSubst) and a re- 
named apart clause p{ Vi, . . . , Vm) *^ newbdr of NewP such that: (a) the sub- 
tree Ti of T rooted at NewP h newbdr{Vi/ ui, . . . , Vm/um\ A gi ^' has 
size s — 1 and (b) NewP h gstuck 1— > i? is a leaf of ti . By induction hypoth- 
esis newbdr{Vi/ ui, . . . , Vm/um} A is not safe in P. Now, by hypothesis, by 
the fact that vars{{ Vi/ui, . . . , Vm/ Um}) H vars{bdr, newbdr) C {Vi, . . . , Vm} and 
vars{gi) H varsibdr, newbdr) Q { Vi, . . . , Kn}, and by Proposition 0] (iii), we have 
that bdr{ Vi/ui, . . . , Vm/ Um} A gi is not safe in P. Since p{Vi, . . . , Vm) ^ bdr is a 
renamed apart clause of P, by rule (ai), also p{ui, . . . , Um) A gi is not safe in P . □ 
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Lemma 6 

Let Pq, . . . , Pk be a transformation sequence and let Defk be the set of definitions 
introduced during that sequence. For h = 0, . . . , fc — 1, for any pair of clauses ci: 
hd <— bd in program P^ and C2: hd <— newbd in program Ph+i, such that C2 is 
derived from ci by an application of the unfolding rule, or folding rule, or goal 
replacement rule which preserves safety, and for every goal context &[_] such that 
vars{b[_]) D vars{bd, newbd) C vars{hd), we have that: 

if b[bd] is safe in Pq U Defk then b[newbd] is safe in Pq U Defk- 
Proof of Lemma\^ 

First we notice that, for every clause hda ^ bdo in Pq U Defk and for every goal 
context 6[_] such that wars (&[_]) H vars{bdo) C vars{hdQ), we have the following: 

Property (S): 6[/i(io] is safe in Pq U -De/fc iff &[&(io] is safe in Pq U -De/t. 

Now, take any h = 0,...,fc — 1. We reason by cases on the transformation rule 

applied for deriving the clause hd <— newbd in Ph+i from the clause hd <^ bd in 

Ph- 

If /ic? <— newbd is derived from /id <— M by the unfolding rule using a clause 
/irfo ^ ^cfe in ^0 U D^fk, then for some goal context g[J\^ bd is of the form g[hdo'ff\ 
and newbd is of the form (7[6(ioi9]. Then the thesis follows from the only- if part of 
Property (S). 

Similarly, if hd <— newbd is derived from hd <— bd by the folding rule using a 
clause /ido ^ bdo in -Po U -De/fc, then for some goal context g[_], bd is of the form 
glbdf)!!}] and newbd is of the form g[hdo'&]. Then the thesis follows from the i/part 
of Property (S). 

Finally, if hd ^ newbd is derived from hd <— bd by the goal replacement rule, then 
the thesis follows from the hypothesis that every application of the goal replacement 
rule preserves safety. □ 

Proof of T/ieorem 01 (Preservation of Successes and Failures). 

By Proposition 13 without loss of generality we may assume that the admissible 
sequence Pq, . . . ,Pk is ordered. Let Pj be the program obtained at the end of the 
second subsequence of Pq, . . . , Ffe, that is, after unfolding every clause in Defk which 
is used for folding. Point (1) of this theorem is a consequence of the following two 
facts: 

(Fl) by Lemma^and Point (i) of Lemma|21 we have that, for every goal g and for 
every b £ {true, false}, if Pq U Defk ^ g Im b then Pj h g J.„i b with m > nl, 
and 

(F2) by Lemma ^a-nd Point (ii) of Lemma |21 we have that: for every goal g and 
for every b € {true, false}, if Pj h g b then Pk \~ g In b with nl > n. 
Point (2) of this theorem is a straightforward consequence of LemmataOland^ □ 

Proof of T/ieorem[3 (Correctness Theorem). 

(1) First we prove that Pq U Defk E Pk- Let g be an ordinary goal and let A be 
a set of substitutions such that Pq U Defk ^ 9 '-^ A. We have to prove that there 
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exists B G V{Suhst) such that Pk h g t-^ B and A and B are equally general with 
respect to g. 

Since Pq U Defk \^ g A, hy definition there exists b G {true, false} such that 
Pq U Defk ^ g i b. By Point (1) of Theorem^ we have that Pk ^ g I b and, thus, 
there exists B G V{Subst) such that Pk\- g ^ B. 

In order to prove that A and B are equally general with respect to 5, we have to 
show that: (a) for every substitution a E A there exists a substitution j3 £ B such 
that ga is an instance of g(3, and (b) for every (3 E B there exists a £ A such that 
g(5 is an instance of ga. 

(a) Let a be a substitution in A. From P^ U -De/t h 5 1-^ ^, by Proposition^ (ii.l), 
we have that Fo U -De/^. h (;q: J, irae. Thus, by Point (1) of Theorem^ we have 
that Pfc h (;a J, true. Since Pk ^ g B holds, by Proposition^ (ii.l), there exists 
a substitution (3 € B such that ga is an instance of gf3. 

(b) Let /3 be a substitution in P. From Pfc h ^ 5, by Propositionn(ii.l), we have 
that Pfc I- 5/3 i irwe. From Pq U -De/fc h (; ^, by Proposition ^ (i), we have that 
either Pq U Defk \- gP I true or Pq U Defk \- gP I false. Now Pq U £)e/fc h j /aZse 
is impossible because by Point (1) of Theorem^] we would have Pk ^ g/3 I false. 
Thus, Po U Defk ^ gP I true. Since Pq U Defk ^ g ^ A, hy Proposition □ (ii.l), 
there exists a G A such that gP is an instance of ga. 

(2) We have to prove that if all applications of the goal replacement rule in the 
sequence Pq, . . . , Pfc are based on strong replacement laws, then Pq U Def,^ = Pk. 
Since Pq U Def^. C Pk has been shown at Point (1) of this proof, it remains to show 
that: Pfc ^ Pq U Defi^. The proof is similar to that of Point (1) and it is based on 
Point (2) of Theorem n and Proposition^] (ii.l). □ 

Proof of Theorem\^ (Preservation of Safety). 

Let hd <— fed be a clause in Pq U Defk and let hd <— newbd be the clause in Pfc with 
the same head. By Lemma we have that, for every goal context such that 
vars{b[-\) H vars{bd, newbd) C vars{hd), if b[bd] is safe in Pq U Def f. then b[newbd] 
is safe in Pq U Defk. Then, by Lemma [SJ for every goal g, if g is safe in Pq U Defk 
then g is safe in Pfc. □ 
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